xoxys.nginx/templates/etc/nginx/conf.d/header.conf.j2

30 lines
1.3 KiB
Plaintext
Raw Normal View History

2019-06-11 15:01:38 +00:00
#jinja2: lstrip_blocks: True
2019-07-18 06:59:41 +00:00
{{ ansible_managed | comment }}
2018-10-22 08:11:35 +00:00
# protect against protocol downgrading and cookie hijacking
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#hsts
2019-06-11 15:01:38 +00:00
{% if nginx_tls_hsts_enabled and nginx_hsts_options is defined%}
add_header Strict-Transport-Security "{{ nginx_hsts_options | join('; ') }}";
{% endif %}
2018-10-22 08:11:35 +00:00
# improve the protection against Clickjacking
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xfo
{% if nginx_xfo_enabled %}
add_header X-Frame-Options {{ nginx_xfo_policy }};
{% endif %}
2019-06-11 15:01:38 +00:00
{% if nginx_csp_enabled and nginx_csp_options is defined %}
add_header Content-Security-Policy "{% for item in nginx_csp_options %}{{ item.directive }} {{ item.parameters | join(' ') }};{% endfor %}";
{% endif %}
2018-10-22 08:11:35 +00:00
# prevent from interpreting files as something else than declared by the content type in HTTP headers
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
{% if nginx_xcto_enabled %}
2017-07-15 15:24:48 +00:00
add_header X-Content-Type-Options nosniff;
2018-10-22 08:11:35 +00:00
{% endif %}
# enables the cross-site scripting (XSS) filter of the browsers
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xxxsp
{% if nginx_xxxsp_enabled %}
add_header X-XSS-Protection "1; {{ nginx_xxxsp_parameters | default([])|join(' ; ') }}";
{% endif %}