From 59479630be8646a697ca434994cd4a3532aa2a57 Mon Sep 17 00:00:00 2001
From: rafappelt
Date: Fri, 18 Oct 2024 14:14:51 -0300
Subject: [PATCH] Increase security including missing http headers.
Signed-off-by: rafappelt
---
 apps/web/nginx.conf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/apps/web/nginx.conf b/apps/web/nginx.conf
index 84b0e5f..7a7f279 100644
--- a/apps/web/nginx.conf
+++ b/apps/web/nginx.conf
@@ -6,6 +6,9 @@ server {
 root /usr/share/nginx/html;
 index index.html index.htm;
 try_files $uri $uri/ /index.html;
+
+ add_header Content-Security-Policy "upgrade-insecure-requests";
+ add_header Permissions-Policy "geolocation=(), microphone=()";
 }
 location /api {
@@ -13,6 +16,7 @@ server {
 proxy_http_version 1.1;
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
+ proxy_set_header Permissions-Policy "geolocation=(), microphone=()";
 }
 error_page 500 502 503 504 /50x.html;
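Review bot: The two `add_header` lines in `location /` lack `always`, so nginx emits them only on its fixed list of success and redirect status codes and only for responses served by this location; `/api` responses and anything produced through the `error_page` line get neither header. nginx also inherits `add_header` from the enclosing level only when the current level declares none, so headers added at `server` level later would silently stop applying inside this location. Declaring them once at `server` level as `add_header Content-Security-Policy "upgrade-insecure-requests" always;` and `add_header Permissions-Policy "geolocation=(), microphone=()" always;` avoids both problems. Note that `upgrade-insecure-requests` on its own restricts no script, style or frame sources, so this policy adds no XSS or framing protection. The `server` block opens and closes outside the hunk.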
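Review bot: `proxy_set_header Permissions-Policy ...` in `location /api` adds the header to the request nginx forwards to the upstream, not to the response the browser receives, so it has no effect on which browser features the page may use. Permissions-Policy is a response header, so the line should read `add_header Permissions-Policy "geolocation=(), microphone=()" always;`. As written, API responses carry no Permissions-Policy at all unless the upstream sets one itself. The `location /api` block starts before this hunk, so the rest of its proxy settings are not visible here.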