diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2022-01-21 10:53:28 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-21 10:53:28 +0100 |
| commit | 588fd794b386d816350e5536cd83cd5addf19042 (patch) | |
| tree | e53f426b266c0231abf01cf475a224a823ad45c8 /nixos | |
| parent | ea1f1453acd00911c00b260f3a88e3c343c24b09 (diff) | |
| parent | 7109660b9a77eb38e1ef0fc05b658e67b79c546d (diff) | |
| download | nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.tar nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.tar.gz nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.tar.bz2 nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.tar.lz nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.tar.xz nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.tar.zst nixpkgs-588fd794b386d816350e5536cd83cd5addf19042.zip | |
Merge pull request #155502 from yayayayaka/nextcloud-optional-headers
nixos/nextcloud: Optionally disable setting HTTP response headers
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 6692d67081c..739ba1ea12f 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -505,6 +505,12 @@ in { The nextcloud-occ program preconfigured to target this Nextcloud instance. ''; }; + + nginx.recommendedHttpHeaders = mkOption { + type = types.bool; + default = true; + description = "Enable additional recommended HTTP response headers"; + }; }; config = mkIf cfg.enable (mkMerge [ @@ -904,14 +910,16 @@ in { }; extraConfig = '' index index.php index.html /index.php$request_uri; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header X-Frame-Options sameorigin; - add_header Referrer-Policy no-referrer; - add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + ${optionalString (cfg.nginx.recommendedHttpHeaders) '' + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options sameorigin; + add_header Referrer-Policy no-referrer; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + ''} client_max_body_size ${cfg.maxUploadSize}; fastcgi_buffers 64 4K; fastcgi_hide_header X-Powered-By; |