From e4734b6ef70fea094abca1d99e2c72d92f95d127 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 18 Dec 2017 13:21:09 +0000
Subject: [PATCH] Unblock some header options, because this is fundamentally cross-site #69
---
 src/freedombone-app-fedwiki | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/freedombone-app-fedwiki b/src/freedombone-app-fedwiki
index 985ee466..cbb9c0ed 100755
--- a/src/freedombone-app-fedwiki
+++ b/src/freedombone-app-fedwiki
@@ -268,9 +268,10 @@ function fedwiki_setup_web {
 function_check nginx_ssl
 nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
- function_check nginx_disable_sniffing
- nginx_disable_sniffing $FEDWIKI_DOMAIN_NAME
-
+ echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
+ echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
+ echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
+ echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
 echo ' add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
 echo '' >> $fedwiki_nginx_file
 echo ' location / {' >> $fedwiki_nginx_file
@@ -281,6 +282,7 @@ function fedwiki_setup_web {
 echo ' client_max_body_size 1M;' >> $fedwiki_nginx_file
 echo ' }' >> $fedwiki_nginx_file
 echo '}' >> $fedwiki_nginx_file
+ echo '' >> $fedwiki_nginx_file
 else
 echo -n '' > $fedwiki_nginx_file
 fi
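Review bot: The four `add_header` lines that replace the `nginx_disable_sniffing` call are written without the `always` parameter, so nginx attaches them only to a fixed list of success and redirect status codes, and a 4xx/5xx page coming back through the proxy is served without `nosniff` or the frame restriction; the copy added to the onion server block later in this patch has the same gap. Consider `add_header X-Content-Type-Options nosniff always;` and likewise for the other three (`always` needs nginx 1.7.5 or later). Because the helper call is removed rather than edited, a short comment above these lines naming which of the helper's headers are deliberately left out for fedwiki would record the relaxation; the helper's body is not visible here. nginx also ignores server-level `add_header` directives inside any `location` that declares its own, so it is worth confirming the `location /` block, only partly shown, has none. fedwiki_setup_web starts and ends outside the hunk.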
@@ -288,6 +290,11 @@ function fedwiki_setup_web {
 echo " listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
 echo " server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
 echo '' >> $fedwiki_nginx_file
+ echo ' add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
+ echo ' add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
+ echo ' add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
+ echo ' add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
+ echo '' >> $fedwiki_nginx_file
 echo ' location / {' >> $fedwiki_nginx_file
 echo " proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
 echo ' proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
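Review bot: These four `add_header` echo lines are a verbatim copy of the ones this patch adds to the TLS server block, so the clearnet and onion vhosts can drift apart the next time one of the two lists is edited. Emitting them from one small function called in both places keeps the header set identical across both server blocks. Quoting `"$fedwiki_nginx_file"` in the redirection would also avoid word splitting if the path ever contains whitespace. The helper name in the fence is only a suggestion, and fedwiki_setup_web begins and ends outside the hunk.

```shell
# Response headers shared by the clearnet and onion fedwiki server blocks.
function fedwiki_security_headers {
    local nginx_file="$1"
    {
        echo '    add_header X-Robots-Tag none;'
        echo '    add_header X-Download-Options noopen;'
        echo '    add_header X-Frame-Options DENY;'
        echo '    add_header X-Content-Type-Options nosniff;'
    } >> "$nginx_file"
}

# … unchanged: onion listen / server_name lines …
fedwiki_security_headers "$fedwiki_nginx_file"
echo '' >> "$fedwiki_nginx_file"
# … unchanged: location / block …
```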