Skip to content

Commit

Permalink
fix(docker): Add security http headers
Browse files Browse the repository at this point in the history
  • Loading branch information
@barnslig
barnslig committed Feb 16, 2022
1 parent dbb4452 commit b95a817
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM node:14-alpine AS app
FROM node:16-alpine AS app

COPY app /app
WORKDIR /app
Expand Down
6 changes: 6 additions & 0 deletions docker/etc/nginx/sites-enabled/default
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@ server {

root /var/www/html;

add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none';" always;
add_header X-Frame-Options "DENY" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;

location / {
try_files $uri $uri/ /index.html;
}
Expand Down

0 comments on commit b95a817

Please sign in to comment.