
fix: set referrer-policy header in nginx config

sets the "Referrer-Policy" header to "strict-origin-when-cross-origin",
with "same-origin" as a fallback

setting the referrer policy prevents leaking site context to external
links, mitigating cross-site hijacking or tabnabbing.

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
This commit is contained in:
Chinmay D. Pai 2020-05-26 10:51:34 +05:30
parent 2c5d1188b8
commit a4916d7b89
No known key found for this signature in database
GPG Key ID: 75507BE256F40CED


@ -49,6 +49,7 @@ server {
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin";
location /assets { location /assets {
try_files $uri =404; try_files $uri =404;
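Review bot: The new Referrer-Policy directive, like the three security headers above it, is declared without the `always` parameter, so nginx only emits it on successful and redirect responses and omits it from 4xx/5xx pages, which still carry referrers out when a user follows a link from an error page; `add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin" always;` closes that gap, and the same applies to the HSTS, X-Content-Type-Options and X-XSS-Protection lines. Note also that nginx only inherits server-level `add_header` directives into a `location` block that declares none of its own, so if `location /assets` (which continues past this hunk) or any sibling location adds its own header, all of these headers silently disappear for that location — worth a comment above the block such as `# add_header is not inherited into any location that sets its own headers`. The comma-separated value is a fallback list in which the browser applies the last token it recognizes, so the stated same-origin fallback for older clients is correct as written. The hunk header counts six old lines but only five are visible here, so a context line (likely a blank) may have been dropped in rendering.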