forked from colin/resume
Update docker/resume/nginx.conf
This commit is contained in:
parent
7eca9fc876
commit
c8e842a0fe
|
|
@ -3,29 +3,32 @@ server {
|
|||
root /usr/share/nginx/html;
|
||||
index resume.html;
|
||||
|
||||
# Enhanced Content-Security-Policy
|
||||
# Content-Security-Policy (CSP) for a Secure Static Page
|
||||
add_header Content-Security-Policy "
|
||||
default-src 'none';
|
||||
script-src 'self' https://matomo.nixc.us;
|
||||
style-src 'self'; # Removed 'unsafe-inline' if possible by moving inline styles to external
|
||||
style-src 'self'; # No 'unsafe-inline' since inline styles are not allowed
|
||||
img-src 'self' https://matomo.nixc.us;
|
||||
frame-ancestors 'self';
|
||||
base-uri 'self';
|
||||
form-action 'self';
|
||||
";
|
||||
|
||||
# Security Headers
|
||||
# Essential Security Headers
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
||||
|
||||
# Optional Cross-Origin Headers
|
||||
# Permissions-Policy to Block Access to Special Features
|
||||
add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), accelerometer=(), gyroscope=(), magnetometer=(), payment=(), usb=()" always;
|
||||
|
||||
# Cross-Origin Headers for Additional Security
|
||||
add_header Cross-Origin-Embedder-Policy "require-corp" always;
|
||||
add_header Cross-Origin-Resource-Policy "same-origin" always;
|
||||
add_header Cross-Origin-Opener-Policy "same-origin" always;
|
||||
|
||||
# Basic location block for serving files
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue