Unblock some header options, because this is fundamentally cross-site

This commit is contained in:
Bob Mottram 2017-12-18 13:21:09 +00:00
parent 01fd4456ea
commit e4734b6ef7
1 changed files with 10 additions and 3 deletions

View File

@ -268,9 +268,10 @@ function fedwiki_setup_web {
function_check nginx_ssl
nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
function_check nginx_disable_sniffing
nginx_disable_sniffing $FEDWIKI_DOMAIN_NAME
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' location / {' >> $fedwiki_nginx_file
@ -281,6 +282,7 @@ function fedwiki_setup_web {
echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file
echo ' }' >> $fedwiki_nginx_file
echo '}' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
else
echo -n '' > $fedwiki_nginx_file
fi
@ -288,6 +290,11 @@ function fedwiki_setup_web {
echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
echo " server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
echo '' >> $fedwiki_nginx_file
echo ' location / {' >> $fedwiki_nginx_file
echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file