WIP

MarceloRGonc · MarceloRGonc · commit 8b7f034696d7 · 2026-04-16T17:19:18.000+01:00
diff --git a/deploy/docker-compose/nginx.gateway.tls.conf b/deploy/docker-compose/nginx.gateway.tls.conf
@@ -23,6 +23,10 @@ server {
     ssl_session_cache shared:MozSSL:10m;
 
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
+    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.openops.com https://fonts.cdnfonts.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.github.com https://cdn.jsdelivr.net" always;
 
     include /etc/nginx/conf.d/gateway.routing;
 }

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,10 @@ server {`
`23`	`23`	`ssl_session_cache shared:MozSSL:10m;`
`24`	`24`
`25`	`25`	`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
	`26`	`+`
	`27`	`+ add_header X-Content-Type-Options "nosniff" always;`
	`28`	`+ add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;`
	`29`	`+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.openops.com https://fonts.cdnfonts.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.github.com https://cdn.jsdelivr.net" always;`
`26`	`30`
`27`	`31`	`include /etc/nginx/conf.d/gateway.routing;`
`28`	`32`	`}`