nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 23:43:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/nextcloud: Optionally disable setting HTTP response headers

Browse Source 
This commit introduces a new option
`services.nextcloud.nginx.recommendedHttpHeaders` that can be used to
optionally disable serving recommended HTTP Response Headers in nginx.
This is especially useful if some headers are already configured
elsewhere to be served in nginx and thus result in duplicate headers.

Resolves #120223
This commit is contained in:
Lara 2022-01-18 16:12:50 +00:00
parent 30cc7340f5
commit 7109660b9a
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -505,6 +505,12 @@ in {
The nextcloud-occ program preconfigured to target this Nextcloud instance.
'';
};
nginx.recommendedHttpHeaders = mkOption {
type = types.bool;
default = true;
description = "Enable additional recommended HTTP response headers";
};
};
config = mkIf cfg.enable (mkMerge [
@ -904,14 +910,16 @@ in {
};
extraConfig = ''
index index.php index.html /index.php$request_uri;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
${optionalString (cfg.nginx.recommendedHttpHeaders) ''
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options sameorigin;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
''}
client_max_body_size ${cfg.maxUploadSize};
fastcgi_buffers 64 4K;
fastcgi_hide_header X-Powered-By;