Release v1.7.15: security hardening, async auth, CSP tightening, model validation, SSRF guard, rate limiting improvements, frontend extraction, Docker compose security
Release / build-and-push (push) Successful in 3m12s
Release / build-and-push (push) Successful in 3m12s
This commit is contained in:
+2
-4
@@ -30,11 +30,9 @@ http {
|
||||
gzip_comp_level 6;
|
||||
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
|
||||
|
||||
# Security headers
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
# Security headers — most headers are set by the backend; only add non-duplicates here.
|
||||
# X-XSS-Protection is kept for legacy browser compatibility.
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
|
||||
# Upstream backend
|
||||
upstream aoc_backend {
|
||||
|
||||
Reference in New Issue
Block a user