From 645bcf9f34d4c481004f9ad8132aea4b708098f9 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 13 Feb 2018 11:33:27 +0000 Subject: [PATCH] Additional security policy settings for ttrss --- src/freedombone-app-rss | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/freedombone-app-rss b/src/freedombone-app-rss index 4639c71b..4e31eb75 100755 --- a/src/freedombone-app-rss +++ b/src/freedombone-app-rss @@ -428,7 +428,11 @@ function install_rss_main { echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME @@ -482,7 +486,11 @@ function install_rss_main { echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME - echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-XSS-Protection "1; mode=block";' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Robots-Tag none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Download-Options noopen;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Permitted-Cross-Domain-Policies none;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME + echo ' add_header X-Frame-Options SAMEORIGIN;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME echo '}' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME