Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No Referrer-Policy header in nginx configuration example #845

Closed
fa-ribeiro opened this issue Aug 27, 2018 · 2 comments
Closed

No Referrer-Policy header in nginx configuration example #845

fa-ribeiro opened this issue Aug 27, 2018 · 2 comments
Milestone
Nextcloud 14

Comments

@fa-ribeiro
Copy link
Contributor

Nextcloud 14 checks in the setupchecks if the Referrer-Policy header is set (See: nextcloud/server#9122).
However, there is no reference to it in the nginx configuration example (https://github.com/nextcloud/documentation/blob/master/admin_manual/installation/nginx.rst).
@J0WI J0WI added this to the Nextcloud 14 milestone Sep 1, 2018
@familyman-131
Copy link

here's options for nginx virtualhost

add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;

@J0WI
Copy link
Contributor

J0WI commented Dec 11, 2018

Fixed in #856

@J0WI J0WI closed this as completed Dec 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Nextcloud 14
Development

No branches or pull requests
3 participants
@fa-ribeiro @J0WI @familyman-131