Start showing more config files!

MattIPv4
2020-05-20 18:59:33 +01:00
parent 7fa39d4bcc
commit 88d66f415c
3 changed files with 41 additions and 13 deletions


@@ -4,19 +4,19 @@ export default (domains, global) => {
const config = [];
config.push(['# security headers', '']);
config.push(['add_header', 'X-Frame-Options "SAMEORIGIN" always']);
config.push(['add_header', 'X-XSS-Protection "1; mode=block" always']);
config.push(['add_header', 'X-Content-Type-Options "nosniff" always']);
config.push(['add_header', `Referrer-Policy "${global.security.referrerPolicy.computed}" always`]);
config.push(['add_header X-Frame-Options', '"SAMEORIGIN" always']);
config.push(['add_header X-XSS-Protection', '"1; mode=block" always']);
config.push(['add_header X-Content-Type-Options', '"nosniff" always']);
config.push(['add_header Referrer-Policy', `"${global.security.referrerPolicy.computed}" always`]);
if (global.security.contentSecurityPolicy.computed)
config.push(['add_header', `Content-Security-Policy "${global.security.contentSecurityPolicy.computed}" always`]);
config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]);
// Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings
if (commonHsts(domains)) {
const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed;
const commonHSTSPreload = domains.length && domains[0].https.hstsPreload.computed;
config.push(['add_header', `Strict-Transport-Security "max-age=31536000${commonHSTSSubdomains ? '; includeSubDomains' : ''}${commonHSTSPreload ? '; preload' : ''}" always`]);
config.push(['add_header Strict-Transport-Security', `"max-age=31536000${commonHSTSSubdomains ? '; includeSubDomains' : ''}${commonHSTSPreload ? '; preload' : ''}" always`]);
}
config.push(['# . files', '']);