-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The website could use some security HTTP headers #51
Labels
Comments
xaban2
changed the title
The website could use some security headers
The website could use some security HTTP headers
Nov 11, 2020
Nice catch, this was already solved in the past but I recently switched to a new host and forgot to apply the config. Give me 10 minutes |
denysvitali
added a commit
that referenced
this issue
Nov 12, 2020
denysvitali
added a commit
that referenced
this issue
Nov 12, 2020
denysvitali
added a commit
that referenced
this issue
Nov 13, 2020
Apparently NGINX will take only the headers from the deepest context that he finds. In this case, the deepest one was the `if` condition on cors.conf. For this reason, all the other headers were ignored. This fix uses variables instead, so that all the `add_header` directives stay on the same level, allowing us to not re-write those headers.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently it gets a "F" grade: scan results
The text was updated successfully, but these errors were encountered: