Add hardened headers to user-uploaded files (#25756)

2023-07-06 14:31:37 +02:00
parent fac2c9eb7d
commit 9b6c0cac7d
2 changed files with 7 additions and 0 deletions
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@ -109,6 +109,8 @@ server {
  location ~ ^/system/ {
    add_header Cache-Control "public, max-age=2419200, immutable";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+    add_header X-Content-Type-Options nosniff;
+    add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
    try_files $uri =404;
  }