colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #155502 from yayayayaka/nextcloud-optional-headers

Browse Source 
nixos/nextcloud: Optionally disable setting HTTP response headers
This commit is contained in:
Maximilian Bosch 2022-01-21 10:53:28 +01:00 committed by GitHub
commit 588fd794b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -505,6 +505,12 @@ in {
The nextcloud-occ program preconfigured to target this Nextcloud instance.
'';
};
nginx.recommendedHttpHeaders = mkOption {
type = types.bool;
default = true;
description = "Enable additional recommended HTTP response headers";
};
};
config = mkIf cfg.enable (mkMerge [
@ -904,14 +910,16 @@ in {
};
extraConfig = ''
index index.php index.html /index.php$request_uri;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
${optionalString (cfg.nginx.recommendedHttpHeaders) ''
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
''}
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;