enforce header security checks in nginx too
thestinger committed Sep 11, 2024
1 parent b04ba2b commit bf99335
Showing 1 changed file with 36 additions and 0 deletions.
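--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -292,6 +292,18 @@ http {
 if ($request_method != POST) {
 return 405;
 }
+if ($http_content_type != "application/json") {
+return 403;
+}
+if ($http_sec_fetch_mode != "same-origin") {
+return 403;
+}
+if ($http_sec_fetch_site != "same-origin") {
+return 403;
+}
+if ($http_sec_fetch_dest != "empty") {
+return 403;
+}
 proxy_pass http://backend;
 limit_req zone=backend-limit burst=32 nodelay;
 limit_req zone=auth-limit burst=10 nodelay;
@@ -302,6 +314,18 @@ http {
 if ($request_method != POST) {
 return 405;
 }
+if ($http_content_type != "application/json") {
+return 403;
+}
+if ($http_sec_fetch_mode != "same-origin") {
+return 403;
+}
+if ($http_sec_fetch_site != "same-origin") {
+return 403;
+}
+if ($http_sec_fetch_dest != "empty") {
+return 403;
+}
 proxy_pass http://backend;
 limit_req zone=backend-limit burst=32 nodelay;
 limit_req zone=auth-limit burst=10 nodelay;
@@ -312,6 +336,18 @@ http {
 if ($request_method != POST) {
 return 405;
 }
+if ($http_content_type != "application/json") {
+return 403;
+}
+if ($http_sec_fetch_mode != "same-origin") {
+return 403;
+}
+if ($http_sec_fetch_site != "same-origin") {
+return 403;
+}
+if ($http_sec_fetch_dest != "empty") {
+return 403;
+}
 gzip on;
 gzip_min_length 256;
 gzip_types application/json;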
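Review bot: The four header checks added after the `$request_method` test are repeated verbatim in all three hunks, so a location added later can silently miss one of them; they could live in one file pulled into each location with `include PLACEHOLDER_header_checks.conf;` (placeholder name). The `$http_content_type != "application/json"` test is an exact, case-sensitive string comparison, so a value such as `application/json; charset=utf-8` gets a 403. Clients that send no Sec-Fetch-* headers at all are rejected the same way. Both look deliberate, and a short comment above the checks, for example `# exact match on purpose; requests without Fetch Metadata headers are refused`, would record that for the next maintainer. The enclosing location blocks begin outside the hunks, so which endpoints are covered cannot be confirmed from here.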