Add Referrer-Policy header examples for nginx

nextcloud · Sep 11, 2018 · a31db79 · a31db79
1 parent 1a41584
commit a31db79
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 0 deletions.
diff --git a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
@@ -50,6 +50,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -140,6 +141,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }

diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@@ -50,6 +50,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -140,6 +141,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }

diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@@ -50,6 +50,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -140,6 +141,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }

diff --git a/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy-self-signed-ssl/mariadb/fpm/web/nginx.conf
@@ -55,6 +55,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -145,6 +146,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }

diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
@@ -55,6 +55,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -145,6 +146,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }

diff --git a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
@@ -55,6 +55,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -145,6 +146,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }

diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
@@ -55,6 +55,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
 
         root /var/www/html;
 
@@ -145,6 +146,8 @@ http {
             add_header X-Robots-Tag none;
             add_header X-Download-Options noopen;
             add_header X-Permitted-Cross-Domain-Policies none;
+            add_header Referrer-Policy no-referrer;
+
             # Optional: Don't log access to assets
             access_log off;
         }