From 583b106d39ab04a294e6e1a2a9709afe2f401b25 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Tue, 2 Apr 2024 16:47:49 +0000
Subject: [PATCH] nginx_site: Add more strict headers to collab
---
 roles/nginx_site/templates/collab.foo.sh.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/roles/nginx_site/templates/collab.foo.sh.conf.j2 b/roles/nginx_site/templates/collab.foo.sh.conf.j2
index d338ce4..93e1c8b 100644
--- a/roles/nginx_site/templates/collab.foo.sh.conf.j2
+++ b/roles/nginx_site/templates/collab.foo.sh.conf.j2
@@ -1 +1,6 @@
 client_max_body_size 50m;
+
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
+ add_header Referrer-Policy "no-referrer";
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-XSS-Protection "1; mode=block";
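Review bot: None of the four `add_header` lines carries the `always` parameter, so nginx emits them only on 200, 201, 204, 206, 301-304, 307 and 308 responses and error pages go out without the CSP or `nosniff`; writing `add_header X-Content-Type-Options "nosniff" always;` and adding the same suffix to the other three closes that gap. `X-XSS-Protection "1; mode=block"` enables a legacy XSS auditor that current browsers have removed and that has itself enabled cross-site leaks in older ones, so `add_header X-XSS-Protection "0" always;` (or dropping the header) is the usual recommendation now. In the CSP, `script-src 'self' 'unsafe-inline'` still allows injected inline script to run, and `default-src` is not a fallback for `frame-ancestors`, `base-uri` or `form-action`, so those stay unrestricted unless they are listed explicitly. The server/location context that includes this template is outside the hunk; because nginx inherits `add_header` from the outer level only when the inner level defines none of its own, any location there that sets a header would drop all of these and should be checked.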