mirror of https://github.com/ChristianLight/tutor.git synced 2024-12-13 06:37:46 +00:00

Remove information that makes web server identifiable

P3P is obsolete https://en.wikipedia.org/wiki/P3P
Also, these P3P headers leak information about the application that is
running, making it an easier target for attacks.
Régis Behmo 2019-06-25 14:00:31 +02:00
parent 69d7cf049d
commit f4796fce4b
2 changed files with 3 additions and 11 deletions


@ -21,14 +21,10 @@ server {
{% endif %}
client_max_body_size 100M;
server_tokens off;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
# Disables server version feedback on pages and in headers
server_tokens off;
# Prevent invalid display courseware in IE 10+ with high privacy settings
add_header P3P 'CP="Open edX does not have a P3P policy."';
location @proxy_to_cms_app {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
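Review bot: The surviving `server_tokens off;` under `client_max_body_size` has no comment once the `# Disables server version feedback on pages and in headers` line goes, and it only suppresses the nginx version: responses still carry `Server: nginx` and the stock error pages still name nginx. I would keep a one-line comment that states this limit, e.g. `# Hides the nginx version only; the Server header still says "nginx"`. Headers set by the proxied application are not visible in this hunk, so whether they still identify Open edX should be checked at the `@proxy_to_cms_app` location, which continues outside the hunk. The `+`/`-` markers are lost on this page, so which lines are removed is inferred from the commit title and the hunk counts; the same point applies to the second file section (`@proxy_to_lms_app`).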


@ -21,14 +21,10 @@ server {
{% endif %}
client_max_body_size 4M;
server_tokens off;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
# Disables server version feedback on pages and in headers
server_tokens off;
# Prevent invalid display courseware in IE 10+ with high privacy settings
add_header P3P 'CP="Open edX does not have a P3P policy."';
location @proxy_to_lms_app {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;