mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-06-25 16:19:19 +02:00
- Add Content-Security-Policy to main nginx server block (was only on /admin/)
- Add Cross-Origin-Opener-Policy and Cross-Origin-Resource-Policy headers
- Add includeSubDomains to HSTS header
- Set HttpOnly, Secure, SameSite=Lax session cookie params on public pages (AdminAuth already hardens the /admin session with SameSite=Strict)
- Update xamxam.conf.reference and SECURITY_HEADERS.md to match
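
The hardening listed in the commit message above can be verified from the client side. The following is an added example, not code from the xamxam repository: it audits one response's headers for the listed items. The sample responses, the cookie name `sid` and all header values are constructed assumptions; the commit message does not give the policy values, so CSP, COOP and CORP are checked for presence only.

```python
# Added example: audits (name, value) response headers against the commit's list.
REQUIRED = ("content-security-policy", "cross-origin-opener-policy",
            "cross-origin-resource-policy", "strict-transport-security")

def directives(value):
    """Split a ';'-separated value into {lowercased name: value or None}."""
    out = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if name:
            out[name.lower()] = val.strip() if sep else None
    return out

def audit(headers, admin=False):
    """Return findings for one response; an empty list means it passes."""
    seen, cookies, findings = {}, [], []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)  # Set-Cookie may repeat, keep each one
        else:
            seen[name.lower()] = value
    findings += [f"missing header: {h}" for h in REQUIRED if h not in seen]
    hsts = seen.get("strict-transport-security")
    if hsts is not None and "includesubdomains" not in directives(hsts):
        findings.append("HSTS lacks includeSubDomains")
    want = "strict" if admin else "lax"  # /admin session uses SameSite=Strict
    for cookie in cookies:
        pair, _, attrs = cookie.partition(";")
        cname, attr = pair.split("=", 1)[0].strip(), directives(attrs)
        findings += [f"cookie {cname}: missing {flag}"
                     for flag in ("httponly", "secure") if flag not in attr]
        if (attr.get("samesite") or "").lower() != want:
            findings.append(f"cookie {cname}: SameSite is not {want}")
    return findings

# Constructed sample responses; header values and cookie name are assumptions.
BEFORE = [("Strict-Transport-Security", "max-age=31536000"),
          ("Set-Cookie", "sid=constructed; Path=/")]
AFTER = [("Content-Security-Policy", "default-src 'self'"),
         ("Cross-Origin-Opener-Policy", "same-origin"),
         ("Cross-Origin-Resource-Policy", "same-origin"),
         ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
         ("Set-Cookie", "sid=constructed; Path=/; HttpOnly; Secure; SameSite=Lax")]

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(resp) or "ok")
```

Pass `admin=True` when auditing a response from `/admin/`, where the session cookie is expected to carry `SameSite=Strict`.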
6.0 KiB