From f6424dc6a70c598d581743113ef292d7e6487077 Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Mon, 28 Mar 2022 23:08:44 +0430 Subject: added feature-policy to nginx --- spring-front/nginx.conf | 1 + 1 file changed, 1 insertion(+) (limited to 'spring-front') diff --git a/spring-front/nginx.conf b/spring-front/nginx.conf index cea4a92..db1eea9 100644 --- a/spring-front/nginx.conf +++ b/spring-front/nginx.conf @@ -22,6 +22,7 @@ http { add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; style-src 'self' 'unsafe-inline' unpkg.com"; + add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker none;vibrate none;fullscreen self;payment none;"; add_header X-Frame-Options SAMEORIGIN always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered-By; -- cgit v1.2.3