From 18ba885ca2bbb28a07707bea70c3ac25115234af Mon Sep 17 00:00:00 2001 From: TwoTwenty <40475728+TwoTwenty@users.noreply.github.com> Date: Wed, 22 Jul 2020 10:38:50 -0700 Subject: [PATCH 1/3] Update matrix-client-element.conf.j2 --- .../templates/nginx/conf.d/matrix-client-element.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 index 813835a05..cbabc9f63 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 @@ -3,6 +3,9 @@ {% macro render_vhost_directives() %} gzip on; gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; {% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %} {{- configuration_block }} {% endfor %} From c97e7c5a3ea58175b50954e3d2c8f523b841df54 Mon Sep 17 00:00:00 2001 From: TwoTwenty <40475728+TwoTwenty@users.noreply.github.com> Date: Wed, 22 Jul 2020 10:39:07 -0700 Subject: [PATCH 2/3] Update matrix-dimension.conf.j2 --- .../templates/nginx/conf.d/matrix-dimension.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 index e70190400..7830ab22a 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2 @@ -3,6 +3,9 @@ {% macro render_vhost_directives() %} gzip on; gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; {% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %} {{- configuration_block }} {% endfor %} From b106a9592ec11838117628d8e2e37268fd0360c0 Mon Sep 17 00:00:00 2001 From: TwoTwenty <40475728+TwoTwenty@users.noreply.github.com> Date: Wed, 22 Jul 2020 10:39:24 -0700 Subject: [PATCH 3/3] Update matrix-jitsi.conf.j2 --- .../templates/nginx/conf.d/matrix-jitsi.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 index c66891726..a6516dab0 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-jitsi.conf.j2 @@ -3,6 +3,9 @@ {% macro render_vhost_directives() %} gzip on; gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; {% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %} {{- configuration_block }} {% endfor %}