From b9e50b9e385f7e1ad4eae69cf7df80426c13cfee Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 3 Mar 2024 21:25:07 +0000
Subject: [PATCH] Add some headers

---
 nginx.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nginx.conf b/nginx.conf
index 4b3b8f9..d72ef08 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -40,6 +40,12 @@ server {
   sub_filter_once on;
   sub_filter_last_modified on;
 
+  # Set sensible headers
+  add_header X-Frame-Options "SAMEORIGIN" always;
+  add_header Referrer-Policy "no-referrer-when-downgrade" always;
+  add_header X-Content-Type-Options "nosniff" always;
+  add_header Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content" always;
+
   # Expose WebDAV on a sub-path
   location /.dav/ {
     alias /srv/;