adding http security headers

2026-05-15 10:08:08 +02:00
parent 091d00b5c2
commit eb3ffed163
2 changed files with 9 additions and 2 deletions
+7
@@ -6,6 +6,13 @@ TraceEnable Off
ServerName auth.jakach.ch ServerName auth.jakach.ch
DocumentRoot /var/www/html DocumentRoot /var/www/html
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "DENY"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=(), usb=(), publickey-credentials-get=(self)"
Header always set Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests"
<Directory /var/www/html> <Directory /var/www/html>
Options FollowSymLinks Options FollowSymLinks
AllowOverride All AllowOverride All
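Review bot: The Content-Security-Policy value on the last added `Header` line has no `default-src` or `script-src`, so it constrains framing, base URI, plugins and form targets but puts no limit on where scripts, styles or connections may load from. On an authentication host that is the part of CSP that mitigates injected script. Consider `Header always set Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests"`, trialled first through `Content-Security-Policy-Report-Only` so that inline scripts or third-party assets it would block are found before enforcement. The enclosing virtual-host block starts and ends outside the hunk, so it is not visible whether these lines sit in the TLS vhost; browsers honour Strict-Transport-Security only when it arrives over HTTPS. The context line `AllowOverride All` also means an .htaccess under /var/www/html can presumably change or unset these headers, which deserves a comment above the block.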
+2 -2
@@ -7,8 +7,8 @@ RUN apt-get update && \
pecl install redis && \ pecl install redis && \
docker-php-ext-enable redis docker-php-ext-enable redis
# Enable SSL module for Apache # Enable Apache modules
RUN a2enmod ssl RUN a2enmod ssl headers
# Restart Apache to apply changes # Restart Apache to apply changes
RUN service apache2 restart RUN service apache2 restart
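Review bot: The updated comment `# Enable Apache modules` does not record why `headers` is now needed. The vhost config changed in this commit uses `Header` directives which, as far as the visible lines show, are not wrapped in `<IfModule mod_headers.c>`, so Apache would fail its configuration check and refuse to start if the module were later dropped from this line. A comment such as `# ssl: TLS vhost; headers: required by the Header directives in the vhost config` would make that dependency explicit. The `RUN service apache2 restart` context line that follows only affects the build container, so the enabled modules take effect when the image's Apache starts rather than through that step.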