Add hardened headers to user-uploaded files
parent
6b538225af
commit
c309011346
|
@ -161,6 +161,10 @@ module Mastodon
|
|||
|
||||
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time, ActiveSupport::HashWithIndifferentAccess, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone]
|
||||
|
||||
config.public_file_server.headers = {
|
||||
'X-Content-Type-Options' => 'nosniff',
|
||||
}
|
||||
|
||||
# config.paths.add File.join('app', 'api'), glob: File.join('**', '*.rb')
|
||||
# config.autoload_paths += Dir[Rails.root.join('app', 'api', '*')]
|
||||
|
||||
|
|
|
@ -61,12 +61,15 @@ server {
|
|||
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
location /sw.js {
|
||||
add_header Cache-Control "public, max-age=0";
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
try_files $uri @proxy;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue