From 1b744c70f2a3f591392e0a362874aa6f55c1fe5c Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Thu, 26 May 2022 23:33:26 +0200
Subject: Add exception for security headers for git.tyil.nl

---
 playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'playbooks.d/webserver-nginx')

diff --git a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
index 65d1bb9..650b55c 100644
--- a/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
+++ b/playbooks.d/webserver-nginx/share/sites.d/https/nl.tyil.git
@@ -8,9 +8,13 @@ server {
 	ssl_certificate_key /etc/letsencrypt/live/git.tyil.nl/privkey.pem;
 
 	include /etc/nginx/snippets.d/certbot.conf;
-	include /etc/nginx/snippets.d/headers.conf;
 	include /etc/nginx/snippets.d/ssl.conf;
 
+	add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'" always;
+	add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+	add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Frame-Options "SAMEORIGIN" always;
+
 	root /usr/share/webapps/cgit/1.2.3-r100/htdocs;
 
 	location / {
-- 
cgit v1.1