view modules/website/templates/https_core_conf.erb @ 254:5a903aa91469

Change header types and add module to fix NextCloud header checks. We had SetEnvIf but not a standard Env. "Header always set" and "Header set" are not the same and result in concatenated values.
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 12:25:14 +0000
parents 4519b727cc4c
children f99974dc0f1a

Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>"
Header always set Content-Security-Policy-Report-Only "<%= @csp_report_string %>"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"

RewriteCond %{HTTP_HOST} !=<%= @primary_name %>
RewriteRule ^(.*)$ https://<%= @primary_name %>$1 [R=301,L]
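
The commit message notes that mixing "Header always set" and "Header set" leaves a header with concatenated values. The following check is an added example, not part of this repository: it scans a raw response head for the single-valued headers this template sets and reports any that arrive repeated or comma-joined. The function names and the sample response are constructed for illustration.

```python
from collections import defaultdict

# Single-valued headers taken from the template above (CSP is left out
# because a comma-separated list of policies is legitimate there).
SINGLE_VALUED = (
    "strict-transport-security",
    "x-xss-protection",
    "x-content-type-options",
    "x-frame-options",
)

def parse_header_fields(raw_head):
    """Return {lowercased name: [values in order]} for a raw response head."""
    fields = defaultdict(list)
    lines = raw_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:            # skip the status line
        if not line.strip():
            break                     # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()].append(value.strip())
    return fields

def find_concatenated(raw_head):
    """Return {name: [values]} for watched headers that reach the client as
    more than one value: repeated field lines, or one comma-joined line."""
    problems = {}
    for name, values in parse_header_fields(raw_head).items():
        if name not in SINGLE_VALUED:
            continue
        # Recipients may join repeated field lines with ", ", so a comma
        # inside one line is counted the same way as a repeated line.
        parts = [p.strip() for v in values for p in v.split(",") if p.strip()]
        if len(parts) > 1:
            problems[name] = parts
    return problems

# Constructed sample: X-Frame-Options sent twice, X-Content-Type-Options joined.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=16070400; includeSubDomains\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff, nosniff\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Xss-Protection: 1; mode=block\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for header, vals in find_concatenated(SAMPLE).items():
        print(header, "->", vals)
```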