From e57cd06891ee0b4deed6ce59749e70e31038db63 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 2 Apr 2024 18:01:02 +0000
Subject: [PATCH] nginx_site: Add security headers for movies.foo.sh

---
 roles/nginx_site/templates/movies.foo.sh.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 roles/nginx_site/templates/movies.foo.sh.conf.j2

diff --git a/roles/nginx_site/templates/movies.foo.sh.conf.j2 b/roles/nginx_site/templates/movies.foo.sh.conf.j2
new file mode 100644
index 0000000..760e07b
--- /dev/null
+++ b/roles/nginx_site/templates/movies.foo.sh.conf.j2
@@ -0,0 +1,5 @@
+    add_header Content-Security-Policy "default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com";
+    add_header Referrer-Policy "no-referrer";
+    add_header X-Content-Type-Options "nosniff";
+    add_header X-XSS-Protection "1; mode=block";
+