update

author: terminaldweller <thabogre@gmail.com> 2022-12-02 17:52:42 +0000
committer: terminaldweller <thabogre@gmail.com> 2022-12-02 17:52:42 +0000
commit: 674f40d027ece13daa78ef2a7d69c79f4198368a (patch)
tree: 2bcc0e41e5064b62d18bb376a5ecf0d760b6f13d /terminaldweller.com/cgit
parent: update (diff)
download: scripts-674f40d027ece13daa78ef2a7d69c79f4198368a.tar.gz
scripts-674f40d027ece13daa78ef2a7d69c79f4198368a.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/terminaldweller.com/cgit/cgit.conf b/terminaldweller.com/cgit/cgit.conf
index e180158..82a9877 100644
--- a/terminaldweller.com/cgit/cgit.conf
+++ b/terminaldweller.com/cgit/cgit.conf
@@ -1,10 +1,19 @@
-server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl" )
+server.modules += ( "mod_cgi", "mod_rewrite", "mod_openssl", "mod_setenv" )
 
 $SERVER["socket"] == ":443" {
     ssl.engine                    = "enable"
     ssl.pemfile                   = "/etc/certs/fullchain1.pem"
     ssl.privkey                   = "/etc/certs/privkey1.pem"
 
+    setenv.add-response-header = (
+	"Strict-Transport-Security"=>"max-age=63072000; includeSubdomains", 
+	"X-Frame-Options"=>"DENY",
+	"X-XSS-Protection"=>"1; mode=block",
+	"X-Content-Type-Options" => "nosniff",
+	"Content-Security-Policy" => "script-src 'self'; object-src 'self'",
+	"X-Permitted-Cross-Domain-Policies" => "none",
+	"Referrer-Policy" => "no-referrer")
+
     server.name          = "git.terminaldweller.com"
     server.document-root = "/usr/share/webapps/cgit/"
author	terminaldweller <thabogre@gmail.com>	2022-12-02 17:52:42 +0000
committer	terminaldweller <thabogre@gmail.com>	2022-12-02 17:52:42 +0000
commit	674f40d027ece13daa78ef2a7d69c79f4198368a (patch)
tree	2bcc0e41e5064b62d18bb376a5ecf0d760b6f13d /terminaldweller.com/cgit
parent	update (diff)
download	scripts-674f40d027ece13daa78ef2a7d69c79f4198368a.tar.gz scripts-674f40d027ece13daa78ef2a7d69c79f4198368a.zip