1 files changed, 6 insertions, 5 deletions

diff --git a/spring-front/nginx.conf b/spring-front/nginx.conf
index cf2a208..03efdb9 100644
--- a/spring-front/nginx.conf
+++ b/spring-front/nginx.conf
@@ -9,9 +9,9 @@ http {
     listen 443 ssl http2;
     keepalive_timeout 60;
     charset utf-8;
-    ssl_certificate /certs/server.cert;
-    ssl_certificate_key /certs/server.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate /etc/letsencrypt/live/editor.terminaldweller.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/editor.terminaldweller.com/privkey.pem;
+    ssl_protocols TLSv1.3;
     ssl_ciphers HIGH:!aNULL:!MD5;
     ssl_session_cache shared:SSL:50m;
     ssl_session_timeout 1d;
@@ -19,12 +19,13 @@ http {
     ssl_prefer_server_ciphers on;
     sendfile on;
     tcp_nopush on;
-    add_header X-Content-Type-Options "nosniff" always;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *;";
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com; connect-src *; object-src none;";
     add_header X-Frame-Options SAMEORIGIN always;
+    add_header X-Content-Type-Options "nosniff" always;
     add_header X-XSS-Protection "1; mode=block" always;
     add_header Permissions-Policy "geolocation=(self),midi=(self),sync-xhr=(self),microphone=(self),camera=(self),magnetometer=(self),gyroscope=(self),fullscreen=(self),payment=(self),usb=(self)";
+    add_header Referrer-Policy "no-referrer";
     fastcgi_hide_header X-Powered-By;
     resolver 9.9.9.9 208.67.222.222;
     ssl_stapling on;