From b1242840a7cca6a6f9c795958da2aab78b2023cc Mon Sep 17 00:00:00 2001
From: Sindre Stephansen <sindre@sindrestephansen.com>
Date: Thu, 12 Mar 2020 10:15:54 +0100
Subject: [PATCH] Add security headers

Fixes #26 and #12
---
 src/entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/entrypoint.sh b/src/entrypoint.sh
index 14e6adb..33c032d 100755
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
@@ -15,6 +15,8 @@ USE_LISTEN_PORT=${LISTEN_PORT:-8080}
 #else
 content_server='server {\n'
 content_server=$content_server"    listen ${USE_LISTEN_PORT};\n"
+content_server=$content_server'    add_header X-Frame-Options deny always;\n'
+content_server=$content_server'    add_header X-Content-Type-Options nosniff always;\n'
 content_server=$content_server'    location / {\n'
 content_server=$content_server'        include uwsgi_params;\n'
 content_server=$content_server'        uwsgi_pass unix:///tmp/uwsgi.sock;\n'
@@ -29,6 +31,8 @@ content_server=$content_server'}\n'
 # https://nginx.org/en/docs/http/configuring_https_servers.html
 content_server=$content_server'server {\n'
 content_server=$content_server"    listen 443 ssl http2;\n"
+content_server=$content_server'    add_header X-Frame-Options deny always;\n'
+content_server=$content_server'    add_header X-Content-Type-Options nosniff always;\n'
 content_server=$content_server'    ssl_certificate      /app/selfsigned.crt;\n'
 content_server=$content_server'    ssl_certificate_key  /app/selfsigned.key;\n'
 content_server=$content_server'    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;\n'