From 61965a5c7900c46ac3e4a638e552ee1c44c2577b Mon Sep 17 00:00:00 2001 From: inference Date: Sun, 29 Jun 2025 17:55:35 +0000 Subject: [PATCH] add(nginx): No-CSP security-header file Content Security Policy breaks some features of Gitea and should be disabled. This header file allows other configuration files to use it, too. --- xb-00-01/nginx/include/header-security-nocsp.conf | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 xb-00-01/nginx/include/header-security-nocsp.conf diff --git a/xb-00-01/nginx/include/header-security-nocsp.conf b/xb-00-01/nginx/include/header-security-nocsp.conf new file mode 100644 index 0000000..a91b993 --- /dev/null +++ b/xb-00-01/nginx/include/header-security-nocsp.conf @@ -0,0 +1,13 @@ +# Inferencium - xb-00-01 +# Nginx - Configuration - Header - Security - No CSP +# Version: 1.0.0-beta.1 + +# Copyright 2025 Jake Winters +# SPDX-License-Identifier: BSD-3-Clause + + +add_header Strict-Transport-Security "max-age=126200000; includeSubDomains; preload"; +add_header X-Frame-Options "DENY"; +add_header X-Content-Type-Options nosniff; +add_header Referrer-Policy no-referrer; +