Adding security headers. - infra - Terraform IoC for my remote (Hetzner) and local (Incus) servers.
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit bd1339f5640159f72e7b87ebebacb123bd0f1de2
(DIR) parent 03eeebe95897365257954d4c34e803caf5ea7524
(HTM) Author: Jay Scott <me@jay.scot>
Date: Tue, 24 Dec 2024 15:12:45 +0000
Adding security headers.
Diffstat:
M remote/cloudinit/main.yml | 9 +++++++++
1 file changed, 9 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/remote/cloudinit/main.yml b/remote/cloudinit/main.yml
@@ -44,4 +44,13 @@ write_files:
root * /srv/www
encode gzip
file_server
+ header / {
+ -Server
+ X-Content-Type-Options nosniff
+ X-Frame-Options DENY
+ Referrer-Policy "no-referrer-when-downgrade"
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+ Permissions-Policy interest-cohort=()
+ Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; font-src 'self'; img-src 'self';"
+ }
}