bundles/nginx: hide content security headers coming from php

This commit is contained in:
Franzi 2023-09-02 20:49:05 +02:00
parent 72607adbfe
commit ea77c68e16
Signed by: kunsi
GPG key ID: 12E3D2136B818350

View file

@ -149,9 +149,16 @@ server {
% endfor
% endif
% if php:
location ~ \.php$ {
location ~ \.php(?:$|/) {
include fastcgi.conf;
fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
% if not do_not_set_content_security_headers:
fastcgi_hide_header Referrer-Policy;
fastcgi_hide_header X-Frame-Options;
fastcgi_hide_header X-Content-Type-Options;
fastcgi_hide_header X-XSS-Protection;
% endif
fastcgi_hide_header Permissions-Policy;
}
% if not max_body_size:
client_max_body_size 5M;