diff options
author | Romain Gonçalves <me@rgoncalves.se> | 2024-07-01 11:03:56 +0200 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2024-07-01 11:05:18 +0200 |
commit | 7ea5af649faf2b63d5917998d0c9a2435e2b4f24 (patch) | |
tree | 0dfdeaa26128ef7ebbd7e9b63668bed6964976fb /roles | |
parent | 7145dc982cc0e0fff4afa91d7e3970ad1abddf3f (diff) | |
download | rules-7ea5af649faf2b63d5917998d0c9a2435e2b4f24.tar.gz |
fix(roles/relayd): mjs mimetype and correct nextclud header
Diffstat (limited to 'roles')
-rw-r--r-- | roles/httpd/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/relayd/templates/relayd.conf.j2 | 13 |
2 files changed, 10 insertions, 4 deletions
diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml index 5e2af25..1ddaccd 100644 --- a/roles/httpd/defaults/main.yml +++ b/roles/httpd/defaults/main.yml @@ -3,6 +3,7 @@ httpd__supported_types: - application/pdf pdf - application/xml xml rss + - application/javascript js mjs - audio/mpeg mp3 - image/gif gif - image/jpeg jpeg jpg diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2 index 4169251..b14e6bf 100644 --- a/roles/relayd/templates/relayd.conf.j2 +++ b/roles/relayd/templates/relayd.conf.j2 @@ -23,15 +23,20 @@ http protocol "https" { tcp { sack, backlog 128 } - match request header append "X-Forwarded-For" value "$REMOTE_ADDR" - match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" - match request header set "Connection" value "close" match request header set "X-Forwarded-Proto" value "https" + # match request header append "X-Forwarded-For" value "$REMOTE_ADDR" + # match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" match request header set "X-Forwarded-For" value "$REMOTE_ADDR" match request header set "X-Forwarded-Port" value "$REMOTE_PORT" + + match response header set "X-XSS-Protection" value "1; mode=block" + match response header set "X-Content-Type-Options" value "nosniff" + + match request header set "Connection" value "close" match response header set "Content-Security-Policy" value "upgrade-insecure-requests" match response header set "Referrer-Policy" value "no-referrer" - match response header set "X-XSS-Protection" value "1; mode=block" + match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload" + {% call(h) macros.loop_valid_hosts(relayd__connected_hosts) -%} {% for rule in h.relayd__rules %} |