Redocly/redoc
1
1
Fork 0
mirror of https://github.com/Redocly/redoc.git synced 2025-08-07 21:54:53 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add security headers to nginx config

Browse Source 
Increase the security of the nginx server and the served page, by adding the following security headers to the nginx config:
- X-Frame-Options (Disables click jacking by disallowing the page to be run in a frame/iframe)
- X-XSS-Protection (Enables cross site scripting filtering)
- X-Content-Type-Options (Disables MIME sniffing and forces browser to use the type given in Content-Type.)
- Content-Security-Policy (Controls resources the user agent is allowed to load for a given page.)
- Referrer-Policy (Governs which referrer information sent in the Referer header should be included with requests made.)

Additional headers that could be added optionally:
- Strict-Transport-Security (Enforce HTTPS over HTTP)
This commit is contained in:
Daniel Schosser 2020-04-24 14:39:35 +02:00 committed by GitHub
parent ffa216ea87
commit e3117c087f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/docker/nginx.conf
View File

@ -17,6 +17,13 @@ http {
server_name localhost; server_name localhost;
index index.html index.htm; index index.html index.htm;
# Add security headers
add_header X-Frame-Options deny always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff always;
add_header Content-Security-Policy "default-src 'none'" always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
location / { location / {
alias /usr/share/nginx/html/; alias /usr/share/nginx/html/;