Updating conf to include secure cookies and XFO via CSP frame-ancestors

2022-06-27 11:03:41 -05:00 · 2022-06-27 11:03:41 -05:00 · 10d6802196
commit 10d6802196
parent a6547f9136
2 changed files with 4 additions and 0 deletions
--- a/element/element.theschricks.com.conf
+++ b/element/element.theschricks.com.conf
@ -28,6 +28,10 @@ server {
 	add_header X-Frame-Options "SAMEORIGIN";
 	add_header Referrer-Policy "strict-origin";
 	add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
+	add_header Set-Cookie "Path=/; HttpOnly; Secure";
+
+	# CSP
+	add_header Content-Security-Policy "frame-ancestors 'self'";

    	# OCSP stapling
    	ssl_stapling on;
--- a/element/scoring/Mozilla_Observatory.png
+++ b/element/scoring/Mozilla_Observatory.png