Diffstat (limited to 'docker/nginx/default.conf')
| -rw-r--r-- | docker/nginx/default.conf | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
index 44ebf62..e778b44 100644
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@@ -4,6 +4,14 @@ server {
 root /var/www/html/public;
 index index.php;
+ # Prevent browsers from MIME-sniffing a response away from the declared type
+ add_header X-Content-Type-Options "nosniff" always;
+ # Block the page from being loaded inside an iframe (prevents clickjacking)
+ add_header X-Frame-Options "DENY" always;
+ # Only allow resources from the same origin — inline styles are needed for
+ # GD-generated image previews, media-src blob: for webcam capture
+ add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; media-src 'self' blob:;" always;
+
 location / {
 try_files $uri $uri/ /index.php?$query_string;
 }
|
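Review bot: The three add_header directives are placed at server level, and nginx only inherits add_header into a location block that declares no add_header of its own, so any location that sets its own header (a Cache-Control on static assets, for instance) silently responds without these; the server block continues outside the hunk, so I cannot see whether such a location exists, but it should be checked, or the headers moved into an include used by every location. The policy leaves framing protection to X-Frame-Options alone, while browsers that support CSP give `frame-ancestors` precedence, so I would extend the value to `... media-src 'self' blob:; frame-ancestors 'none'; object-src 'none'; base-uri 'self';`. The comment above the CSP explains 'unsafe-inline' and blob: but not why img-src also needs `data:`; the comment should name the feature that depends on it so a later maintainer does not keep it by accident.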
