Increase security including missing http headers.

Signed-off-by: rafappelt <[email protected]>
hemilabs · Oct 18, 2024 · 5947963 · 5947963
1 parent bde459d
commit 5947963
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/apps/web/nginx.conf b/apps/web/nginx.conf
@@ -6,13 +6,17 @@ server {
     root   /usr/share/nginx/html;
     index  index.html index.htm;
     try_files $uri $uri/ /index.html;
+
+    add_header Content-Security-Policy "upgrade-insecure-requests";
+    add_header Permissions-Policy "geolocation=(), microphone=()";
   }
 
   location /api {
     proxy_pass http://cryptochords-api-service:3000;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "Upgrade";
+    proxy_set_header Permissions-Policy "geolocation=(), microphone=()";
   }
 
   error_page   500 502 503 504  /50x.html;