diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-01-21 12:02:00 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-21 12:02:00 +0000 |
commit | d2479e9b4a81e518777f630863b86068fbf49eb0 (patch) | |
tree | 67fc0d7cbea5cab959ef86aa3048f3fd289b0c21 /nixos/modules | |
parent | 3f471afb632637305b69016a6a1d0b28b4e040f6 (diff) | |
parent | e156d59d2b300ca0365ab60ae6690844995b4b3b (diff) |
Merge staging-next into staging
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 6692d67081c5a..739ba1ea12f65 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -505,6 +505,12 @@ in { The nextcloud-occ program preconfigured to target this Nextcloud instance. ''; }; + + nginx.recommendedHttpHeaders = mkOption { + type = types.bool; + default = true; + description = "Enable additional recommended HTTP response headers"; + }; }; config = mkIf cfg.enable (mkMerge [ @@ -904,14 +910,16 @@ in { }; extraConfig = '' index index.php index.html /index.php$request_uri; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header X-Frame-Options sameorigin; - add_header Referrer-Policy no-referrer; - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + ${optionalString (cfg.nginx.recommendedHttpHeaders) '' + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options sameorigin; + add_header Referrer-Policy no-referrer; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + ''} client_max_body_size ${cfg.maxUploadSize}; fastcgi_buffers 64 4K; fastcgi_hide_header X-Powered-By; |