Better Configuration of nginx #564

merged 3 commits into from Nov 28, 2018


5 participants

frju365 commented Oct 19, 2018

The problem

  • Path-traversal not fixed (not really vulnerable in these cases)
  • "Nested "add_header" drops parent headers." (Gixy test)


PR Status

Tested (production + gixy tests). Need review.

How to test



  • Principle agreement 1/2 : Josué
  • Quick review 0/1 :
  • Simple test 0/1 :
  • Deep review 0/1 :
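
The Gixy finding quoted in the description, "Nested add_header drops parent headers", follows from nginx's inheritance rule: a level that declares any `add_header` of its own inherits none from the enclosing level. The sketch below is an added example, not code from this PR, from Gixy or from YunoHost; the parser is a simplification and the sample configuration is constructed.

```python
import re

# Constructed sample, not YunoHost's configuration.
SAMPLE = """
server {
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    location /static/ { add_header Cache-Control "public"; }
    location /api/ { proxy_pass http://127.0.0.1:8080; }
}
"""
# Corrected form: the location repeats the parent headers it still needs.
FIXED = SAMPLE.replace(
    'add_header Cache-Control "public";',
    'add_header X-Frame-Options "SAMEORIGIN"; '
    'add_header X-Content-Type-Options "nosniff"; '
    'add_header Cache-Control "public";')

# Simplified tokenizer: comments, quoted strings, braces/semicolons, bare words.
TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+')

def parse(conf):
    """Build a tree of blocks, recording the header names each block sets."""
    root = {"name": "main", "headers": [], "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok in ("{", "}", ";"):
            if tok == "{":
                block = {"name": " ".join(words), "headers": [], "children": []}
                stack[-1]["children"].append(block)
                stack.append(block)
            elif tok == "}" and len(stack) > 1:
                stack.pop()
            elif tok == ";" and len(words) >= 2 and words[0] == "add_header":
                stack[-1]["headers"].append(words[1].strip("\"'").lower())
            words = []  # a delimiter ends the current directive
        elif not tok.startswith("#"):
            words.append(tok)
    return root

def dropped_headers(block, inherited=()):
    """List (block name, lost headers): nginx inherits add_header from the
    enclosing level only when the current level defines none of its own."""
    own = block["headers"]
    lost = [h for h in inherited if own and h not in own]
    findings = [(block["name"], lost)] if lost else []
    for child in block["children"]:
        findings += dropped_headers(child, own or list(inherited))
    return findings
```

`dropped_headers(parse(SAMPLE))` reports the `/static/` location as losing both server-level headers, while the `/api/` location, which sets none of its own, still inherits them.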

frju365 added some commits Oct 19, 2018


Member Author

frju365 commented Nov 15, 2018

I forgot to say: but to test it you can use this website:


Josue-T left a comment

Don't have time to test, but looks good to me.



silkevicious commented Nov 15, 2018

Hi everyone.

I checked my YNH installation (both the "stable" release and the "testing" release) with the security headers.

It's not that bad actually, I got an A. We're missing the Referrer-Policy and the Feature-Policy, but the rest looks good, I think?!

For reference, in order to improve even more, I've looked at that website's headers:

Maybe it contains some hints! Hope it helps!


Member Author

frju365 commented Nov 15, 2018

Yeah, I know. For referrer: we disabled it. Perhaps it was too strict.
For feature-policy, it's quite new. I will perhaps see the topic, but after this PR.


zamentur left a comment

LGTM reviewed but untested

@alexAubin alexAubin added this to the 3.4.x milestone Nov 22, 2018

@alexAubin alexAubin merged commit 8cb029a into YunoHost:stretch-unstable Nov 28, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@frju365 frju365 deleted the frju365:patch-12 branch Nov 28, 2018

alexAubin added a commit that referenced this pull request Jan 30, 2019
