Unblock some header options, because this is fundamentally cross-site #69

src/freedombone-app-fedwiki

@@ -268,9 +268,10 @@ function fedwiki_setup_web {
         function_check nginx_ssl
         nginx_ssl $FEDWIKI_DOMAIN_NAME mobile
 
-        function_check nginx_disable_sniffing
+        echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
-        nginx_disable_sniffing $FEDWIKI_DOMAIN_NAME
+        echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
-
+        echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
+        echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
         echo '  add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
         echo '' >> $fedwiki_nginx_file
         echo '  location / {' >> $fedwiki_nginx_file
@@ -281,6 +282,7 @@ function fedwiki_setup_web {
         echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
         echo '  }' >> $fedwiki_nginx_file
         echo '}' >> $fedwiki_nginx_file
+        echo '' >> $fedwiki_nginx_file
     else
         echo -n '' > $fedwiki_nginx_file
     fi
@@ -288,6 +290,11 @@ function fedwiki_setup_web {
     echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
     echo "  server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
     echo '' >> $fedwiki_nginx_file
+    echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
+    echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
+    echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
+    echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
+    echo '' >> $fedwiki_nginx_file
     echo '  location / {' >> $fedwiki_nginx_file
     echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
     echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file