From Kyle Copperfield to ~sircmpwn/sr.ht-dev
- Strong defaults based on the mozilla ssl generator
- Commented out CSP (needs input on remote includes in sr.ht)
- XFO / XSS / Content-Type all common headers
- Strict cross origin referrer policy to prevent data leaks
- Strict feature policies sr.ht does not need, with omissions for
  potentially used features in the future
- DNS prefetch limitation on urls simply on the page
- upgrade insecure requests for remote includes, which should really be
  blocked by the CSP anyway.
---
 nginx/http.conf | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/nginx/http.conf b/nginx/http.conf
[message trimmed]
From Kyle Copperfield to ~sircmpwn/sr.ht-dev
This patch adds both security headers and strong cipher suites to the
nginx configuration of sr.ht

Kyle Copperfield (1):
  nginx/http.conf: security headers

 nginx/http.conf | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

-- 
2.24.0