gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

Add Referrer-Policy for html document by default

This commit is contained in:
Léo Colombaro 2019-02-13 14:31:53 +01:00
parent c04dcb232f
commit f600128203
No known key found for this signature in database
GPG Key ID: 687B480A6D4F735F
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
h5bp/basic.conf
View File

@ -3,6 +3,7 @@
include h5bp/internet_explorer/x-ua-compatible.conf;
include h5bp/security/content-security-policy.conf;
include h5bp/security/referrer-policy.conf.conf;
include h5bp/security/x-content-type-options.conf;
include h5bp/security/x-frame-options.conf;
include h5bp/security/x-xss-protection.conf;

2
h5bp/security/referrer-policy.conf
View File

@ -15,4 +15,4 @@
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Referrer-Policy $referrer_policy always;

6
nginx.conf
View File

@ -115,6 +115,12 @@ http {
text/html "script-src 'self'; object-src 'self'";
}
# Add Referrer-Policy for HTML documents.
# h5bp/security/referrer-policy.conf.conf
map $sent_http_content_type $referrer_policy {
text/html "no-referrer-when-downgrade";
}
# Add X-UA-Compatible for HTML documents.
# h5bp/internet_explorer/x-ua-compatible.conf
map $sent_http_content_type $x_ua_compatible {