Home Explore Help
Sign In
github-mirror
/
docker-jitsi-meet
mirror of https://github.com/jitsi/docker-jitsi-meet
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

web: set security headers also for non HTTPS

Fixes: #493
Jakub Onderka 4 years ago
parent
e6586f2ad2
commit
2a0120d
2 changed files with 4 additions and 2 deletions
Unified View Show Diff Stats
  1. 4 0
      web/rootfs/defaults/meet.conf
  2. 0 2
      web/rootfs/defaults/ssl.conf

+ 4 - 0
web/rootfs/defaults/meet.conf
View File 

@@ -11,6 +11,10 @@ ssi_types application/x-javascript application/javascript;
 
 index index.html index.htm;
 
 index index.html index.htm;
 
 error_page 404 /static/404.html;
 
 error_page 404 /static/404.html;
 
 
 
+# Security headers
 
+add_header X-Content-Type-Options nosniff;
 
+add_header X-XSS-Protection "1; mode=block";
 
+
 
 location = /config.js {
 
 location = /config.js {
 
     alias /config/config.js;
 
     alias /config/config.js;
 
 }
 
 }

+ 0 - 2
web/rootfs/defaults/ssl.conf
View File 

@@ -20,5 +20,3 @@ ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-
 
 
 
 # headers
 
 # headers
 
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
-add_header X-Content-Type-Options nosniff;
 
-add_header X-XSS-Protection "1; mode=block";