epistemophiliac/frappe_docker
1
0
Fork 0
mirror of https://github.com/frappe/frappe_docker.git synced 2026-06-17 13:55:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Refactor: Move shared security headers into a snippet and include it in server and files location blocks.

Browse source
This commit is contained in:
Rin 2026-03-16 23:11:41 +07:00
parent 904df21d43
commit 57287e9cff
2 changed files with 7 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
resources/core/nginx/nginx-template.conf
View file

@ -21,11 +21,7 @@ server {
proxy_buffers 4 256k; proxy_buffers 4 256k;
proxy_busy_buffers_size 256k; proxy_busy_buffers_size 256k;
add_header X-Frame-Options "SAMEORIGIN" always; include resources/core/nginx/security_headers.conf;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
set_real_ip_from ${UPSTREAM_REAL_IP_ADDRESS}; set_real_ip_from ${UPSTREAM_REAL_IP_ADDRESS};
real_ip_header ${UPSTREAM_REAL_IP_HEADER}; real_ip_header ${UPSTREAM_REAL_IP_HEADER};
@ -59,11 +55,7 @@ server {
rewrite ^(.+)\.html$ $1 permanent; rewrite ^(.+)\.html$ $1 permanent;
location ~ ^/files/.*.(htm|html|svg|xml) { location ~ ^/files/.*.(htm|html|svg|xml) {
add_header X-Frame-Options "SAMEORIGIN" always; include resources/core/nginx/security_headers.conf;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;
add_header Content-disposition "attachment"; add_header Content-disposition "attachment";
try_files /${FRAPPE_SITE_NAME_HEADER}/public/$uri @webserver; try_files /${FRAPPE_SITE_NAME_HEADER}/public/$uri @webserver;
} }

5
resources/core/nginx/security_headers.conf Normal file
View file

@ -0,0 +1,5 @@
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;