nixos/nextcloud: Optionally disable setting HTTP response headers
This commit introduces a new option `services.nextcloud.nginx.recommendedHttpHeaders` that can be used to optionally disable serving recommended HTTP Response Headers in nginx. This is especially useful if some headers are already configured elsewhere to be served in nginx and thus result in duplicate headers. Resolves #120223
This commit is contained in:
parent
30cc7340f5
commit
7109660b9a
1 changed files with 16 additions and 8 deletions
|
@ -505,6 +505,12 @@ in {
|
|||
The nextcloud-occ program preconfigured to target this Nextcloud instance.
|
||||
'';
|
||||
};
|
||||
|
||||
nginx.recommendedHttpHeaders = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Enable additional recommended HTTP response headers";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [
|
||||
|
@ -904,14 +910,16 @@ in {
|
|||
};
|
||||
extraConfig = ''
|
||||
index index.php index.html /index.php$request_uri;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header X-Frame-Options sameorigin;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
${optionalString (cfg.nginx.recommendedHttpHeaders) ''
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header X-Frame-Options sameorigin;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||
''}
|
||||
client_max_body_size ${cfg.maxUploadSize};
|
||||
fastcgi_buffers 64 4K;
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
|
Loading…
Reference in a new issue