bundles/nginx: hide content security headers coming from php

2023-09-02 20:49:05 +02:00 · 2023-09-02 20:49:05 +02:00 · ea77c68e16
parent 72607adbfe
commit ea77c68e16
1 changed files with 8 additions and 1 deletions
--- a/bundles/nginx/files/site_template
+++ b/bundles/nginx/files/site_template
@ -149,9 +149,16 @@ server {
 %  endfor
 % endif
 % if php:
-    location ~ \.php$ {
+    location ~ \.php(?:$|/) {
        include fastcgi.conf;
        fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
+% if not do_not_set_content_security_headers:
+        fastcgi_hide_header Referrer-Policy;
+        fastcgi_hide_header X-Frame-Options;
+        fastcgi_hide_header X-Content-Type-Options;
+        fastcgi_hide_header X-XSS-Protection;
+% endif
+        fastcgi_hide_header Permissions-Policy;
    }
 %  if not max_body_size:
    client_max_body_size 5M;