about summary refs log tree commit diff
path: root/nixos/modules
diff options
context:
space:
mode:
authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2022-01-21 12:02:00 +0000
committerGitHub <noreply@github.com>2022-01-21 12:02:00 +0000
commitd2479e9b4a81e518777f630863b86068fbf49eb0 (patch)
tree67fc0d7cbea5cab959ef86aa3048f3fd289b0c21 /nixos/modules
parent3f471afb632637305b69016a6a1d0b28b4e040f6 (diff)
parente156d59d2b300ca0365ab60ae6690844995b4b3b (diff)
Merge staging-next into staging
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix24


1 files changed, 16 insertions, 8 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 6692d67081c5a..739ba1ea12f65 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -505,6 +505,12 @@ in {
         The nextcloud-occ program preconfigured to target this Nextcloud instance.
       '';
     };
+
+    nginx.recommendedHttpHeaders = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable additional recommended HTTP response headers";
+    };
   };
 
   config = mkIf cfg.enable (mkMerge [
@@ -904,14 +910,16 @@ in {
         };
         extraConfig = ''
           index index.php index.html /index.php$request_uri;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          add_header X-Robots-Tag none;
-          add_header X-Download-Options noopen;
-          add_header X-Permitted-Cross-Domain-Policies none;
-          add_header X-Frame-Options sameorigin;
-          add_header Referrer-Policy no-referrer;
-          add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+          ${optionalString (cfg.nginx.recommendedHttpHeaders) ''
+            add_header X-Content-Type-Options nosniff;
+            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Robots-Tag none;
+            add_header X-Download-Options noopen;
+            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Frame-Options sameorigin;
+            add_header Referrer-Policy no-referrer;
+            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+          ''}
           client_max_body_size ${cfg.maxUploadSize};
           fastcgi_buffers 64 4K;
           fastcgi_hide_header X-Powered-By;

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-03 20:33:45 +0000