Update nginx.conf template (#999)

Updating the conf template for ssl usage. This way when a production (ssl) instance is spun up it uses all the relevant headers.
hpcc-systems · Jan 22, 2025 · 031587a · 031587a
1 parent d6c1d4f
commit 031587a
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/Tombolo/client-reactjs/nginx/conf.d/nginx.conf.template-ssl b/Tombolo/client-reactjs/nginx/conf.d/nginx.conf.template-ssl
@@ -13,14 +13,14 @@ server {
   ssl_session_timeout  10m;
   ssl_session_cache shared:SSL:10m;
   server_name $HOSTNAME;
-  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+  add_header Strict-Transport-Security "max-age=86400; includeSubDomains" always;
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Permitted-Cross-Domain-Policies "none";
   add_header X-Frame-Options "deny";
-  #add_header Access-Control-Allow-Origin "domain";
+  add_header Access-Control-Allow-Origin "domain";
   add_header Access-Control-Allow-Origin https://${DOLLAR}server_name;
   add_header X-Content-Type-Options "nosniff";
-  add_header Content-Security-Policy "script-src 'self'; object-src 'self'; worker-src 'self' blob:;";
+  add_header Content-Security-Policy "script-src 'self'; base-uri 'self'; frame-ancestors 'deny'; form-action 'self'; default-src 'self'; object-src 'none'; worker-src 'self' blob:;";
   add_header Cache-Control "no-store";
   add_header Pragma "no-cache";
   error_log /var/log/nginx/tombolo-error.log;
@@ -31,6 +31,8 @@ server {
     proxy_set_header Host ${DOLLAR}http_host;
     proxy_hide_header X-Powered-By;
     expires -1;
+    # adding this on top of -1, as part of the requirements for different browsers
+    expires 01 Jan 1971 01:01:01 GMT;
 
     root   /usr/share/nginx/html;
     index  index.html index.htm;