From 5e42ef094d520b693c24e84070c7a8d57f177f52 Mon Sep 17 00:00:00 2001
From: Diego Lendoiro
Date: Tue, 16 Jan 2018 16:25:52 +0100
Subject: [PATCH] security headers are being sent from passbolt application
---
 conf/passbolt.conf | 28 ----------------------------
 1 file changed, 28 deletions(-)
diff --git a/conf/passbolt.conf b/conf/passbolt.conf
index a522ff4..8e737c8 100644
--- a/conf/passbolt.conf
+++ b/conf/passbolt.conf
@@ -13,18 +13,6 @@ server {
 root /var/www/passbolt;
- # X-Frame-Options is to prevent from clickJacking attack
- add_header X-Frame-Options SAMEORIGIN;
-
- # disable content-type sniffing on some browsers.
- add_header X-Content-Type-Options nosniff;
-
- # This header enables the Cross-site scripting (XSS) filter
- add_header X-XSS-Protection "1; mode=block";
-
- # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
 location / {
 try_files $uri $uri/ /index.php?$args;
 index index.php;
@@ -58,25 +46,9 @@ server {
 ssl_prefer_server_ciphers on;
 ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
 ssl_session_tickets off;
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
 root /var/www/passbolt;
- # X-Frame-Options is to prevent from clickJacking attack
- add_header X-Frame-Options SAMEORIGIN;
-
- # disable content-type sniffing on some browsers.
- add_header X-Content-Type-Options nosniff;
-
- # This header enables the Cross-site scripting (XSS) filter
- add_header X-XSS-Protection "1; mode=block";
-
- # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-
 location / {
 try_files $uri $uri/ /index.php?$args;
 index index.php;
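Review bot: After this hunk the TLS server block emits no Strict-Transport-Security, X-Frame-Options or X-Content-Type-Options on any response that nginx answers without going through PHP-FPM, which includes static files resolved by `try_files $uri` and nginx's own 404/502/504 pages when the backend is down; headers set by the Passbolt application can only appear on responses the application generates. The commit message says the application now sends these headers, but nothing in the diff shows that, so it should be verified on the PHP side (and on a static asset) before relying on it. HSTS in particular is cheap to keep at the nginx layer in this block with a single agreed value, e.g. `add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;` — note that `add_header` without `always` is only applied to 2xx/3xx responses, so the error pages would still go out unprotected without it. The enclosing `server {` block starts and ends outside the hunk.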