summary refs log tree commit diff
path: root/nixos/modules/services/web-apps/nextcloud.nix
diff options
context:
space:
mode:
authorLara <lara@uwu.is>2022-01-18 16:12:50 +0000
committerLara <lara@uwu.is>2022-01-18 18:33:11 +0000
commit7109660b9a77eb38e1ef0fc05b658e67b79c546d (patch)
treec36f050a43300d02b3e132b2281c63e12e48a785 /nixos/modules/services/web-apps/nextcloud.nix
parent30cc7340f587429a9f34f7e54c41cc506d441011 (diff)
downloadnixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.tar
nixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.tar.gz
nixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.tar.bz2
nixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.tar.lz
nixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.tar.xz
nixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.tar.zst
nixpkgs-7109660b9a77eb38e1ef0fc05b658e67b79c546d.zip
nixos/nextcloud: Optionally disable setting HTTP response headers
This commit introduces a new option
`services.nextcloud.nginx.recommendedHttpHeaders` that can be used to
optionally disable serving recommended HTTP Response Headers in nginx.
This is especially useful if some headers are already configured
elsewhere to be served in nginx and thus result in duplicate headers.

Resolves #120223
Diffstat (limited to 'nixos/modules/services/web-apps/nextcloud.nix')
-rw-r--r--nixos/modules/services/web-apps/nextcloud.nix24
1 files changed, 16 insertions, 8 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 6692d67081c..739ba1ea12f 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -505,6 +505,12 @@ in {
         The nextcloud-occ program preconfigured to target this Nextcloud instance.
       '';
     };
+
+    nginx.recommendedHttpHeaders = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable additional recommended HTTP response headers";
+    };
   };
 
   config = mkIf cfg.enable (mkMerge [
@@ -904,14 +910,16 @@ in {
         };
         extraConfig = ''
           index index.php index.html /index.php$request_uri;
-          add_header X-Content-Type-Options nosniff;
-          add_header X-XSS-Protection "1; mode=block";
-          add_header X-Robots-Tag none;
-          add_header X-Download-Options noopen;
-          add_header X-Permitted-Cross-Domain-Policies none;
-          add_header X-Frame-Options sameorigin;
-          add_header Referrer-Policy no-referrer;
-          add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+          ${optionalString (cfg.nginx.recommendedHttpHeaders) ''
+            add_header X-Content-Type-Options nosniff;
+            add_header X-XSS-Protection "1; mode=block";
+            add_header X-Robots-Tag none;
+            add_header X-Download-Options noopen;
+            add_header X-Permitted-Cross-Domain-Policies none;
+            add_header X-Frame-Options sameorigin;
+            add_header Referrer-Policy no-referrer;
+            add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+          ''}
           client_max_body_size ${cfg.maxUploadSize};
           fastcgi_buffers 64 4K;
           fastcgi_hide_header X-Powered-By;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-03 06:52:54 +0000