mirror
/
docker-jitsi-meet
mirror of https://github.com/jitsi/docker-jitsi-meet
2
0
Fork 0
Code Issues Releases Wiki Activity

web: set security headers also for non HTTPS

Browse Source 
Fixes: #493
pull/699/head
Jakub Onderka 4 years ago committed by GitHub
parent e6586f2ad2
commit 2a0120de8b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      web/rootfs/defaults/meet.conf
  2. 2
      web/rootfs/defaults/ssl.conf

4
web/rootfs/defaults/meet.conf
Unescape View File

@ -11,6 +11,10 @@ ssi_types application/x-javascript application/javascript;
index index.html index.htm;
error_page 404 /static/404.html;
# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location = /config.js {
alias /config/config.js;
}

2
web/rootfs/defaults/ssl.conf
Unescape View File

@ -20,5 +20,3 @@ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-
# headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

Write Preview
Loading…
Cancel
Save