1 year ago

#383182

Tomer Ram

After adding HSTS and Xframe policies it's still not showing up in the browser. (NGINX)

I am using Docker to run a React app with Nginx; not sure why it's not implementing the headers I added.

    http {
        include /etc/nginx/mime.types;
        default_type  application/octet-stream;
        client_max_body_size 999M;
        access_log /dev/stdout;
        error_log /dev/stderr;
        sendfile        on;
        keepalive_timeout  65;

        include /etc/nginx/conf.d/*.conf;
        server_names_hash_bucket_size 64;
        server_tokens off;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header Content-Security-Policy "default-src 'self' www.google-analytics.comajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connectfacebook.net facebook.com;";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "origin";
    }

When I deployed the above it didn't work, so I tried adding the same thing below:

    server {
        server_tokens off;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header Content-Security-Policy "default-src 'self' www.google-analytics.comajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connectfacebook.net facebook.com;";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header Referrer-Policy "origin";
    }

Again no good, and then I tried deploying with both at the same time; still no good.

I'm new to Nginx so not sure what the issue is, any help is appreciated. Thanks!

nginx

xss

hsts
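
nginx inherits `add_header` directives from an outer level only when the current level defines none of its own, so headers set in `http {}` can be dropped inside a `server` or `location` block that has any `add_header`. The following is an added example, not part of the original post: it resolves which headers are in effect in each block, and the sample config, block names and function names are constructed for illustration.

```python
import re

# Constructed sample: http-level headers as in the question plus a hypothetical
# server block of the kind conf.d/*.conf adds. include is not followed here.
SAMPLE = r'''
http {
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
    add_header X-Frame-Options DENY;
    server {
        location / { root /usr/share/nginx/html; }
        location /static/ { add_header Cache-Control "public"; }
    }
}
'''
# Quoted strings are one token, so ';' inside a header value ends nothing.
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|[{};]|#[^\n]*|[^\s{};"']+""")

def parse(tokens, name="main"):
    """Consume tokens up to the matching '}' and return a block node."""
    node = {"name": name, "headers": [], "children": []}
    words = []
    for tok in tokens:
        if tok == ";":
            if len(words) >= 3 and words[0] == "add_header":
                node["headers"].append(words[1].strip("\"'"))
            words = []
        elif tok == "{":
            node["children"].append(parse(tokens, " ".join(words)))
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return node

def resolve(node, inherited=(), path=""):
    """Yield (path, headers in effect); outer add_header apply only if none here."""
    here = f"{path} > {node['name']}" if path else node["name"]
    effective = node["headers"] or list(inherited)
    yield here, effective
    for child in node["children"]:
        yield from resolve(child, effective, here)

def effective_headers(conf):
    tokens = (t for t in TOKEN.findall(conf) if not t.startswith("#"))
    return dict(resolve(parse(tokens)))

if __name__ == "__main__":
    print(effective_headers(SAMPLE))
```

In the sample, `location /static/` ends up with only `Cache-Control`, while `location /` still carries the two headers from `http {}`.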

0 Answers
