Mercurial > repos > other > Puppet
view modules/website/templates/https_core_conf.erb @ 254:5a903aa91469
Change header types and add module to fix NextCloud header checks
We had SetEnvIf but not a standard Env
"Header always set" and "Header set" are not the same and result
in concatenated values
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 29 Dec 2019 12:25:14 +0000 |
parents | 4519b727cc4c |
children | f99974dc0f1a |
line wrap: on
line source
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains" Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>" Header always set Content-Security-Policy-Report-Only "<%= @csp_report_string %>" Header always set X-Xss-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" RewriteCond %{HTTP_HOST} !=<%= @primary_name %> RewriteRule ^(.*)$ https://<%= @primary_name %>$1 [R=301,L]