All Questions
7 questions
4 votes, 0 answers, 3k views
List of all Permissions-Policy header keys and values?
Does someone have a list of all Permissions-Policy header keys and values?
What I have:
more_set_headers "Permissions-Policy: camera=(self), fullscreen=(*), geolocation=(self), payment=()";
...
3 votes, 0 answers, 10k views
How to configure Content-Security-Policy for Nginx and Drupal 8?
I have a Nginx server with Ubuntu 18.04 and a Drupal 8 site.
I have read in several articles that I should not use 'unsafe-eval', 'unsafe-inline'
I added headers for security but the pages of the site ...
0 votes, 1 answer, 2k views
Pros/Cons to disabling HEAD requests with Nginx?
I have a static blog/site and I'm wondering if there are any negative implications of disallowing/disabling HEAD requests within my Nginx conf? For example: would it break the site with certain web ...
1 vote, 1 answer, 1k views
How to deny requests that contain a certain header and are not coming from whitelisted IPs in nginx?
I would like to double protect an application that uses a custom header to authorize some critical views. Since those calls should only originate from some well-known IPs, I would like to block ...
0 votes, 1 answer, 814 views
Sending two Content-Security-Policy headers
I currently have an nginx server that is sending the Content-Security-Policy header, however I've read that apparently IE only supports "X-Content-Security-Policy".
Would it be a good idea to send both ...
9 votes, 3 answers, 37k views
Set Access-Control-Allow-Origin in nginx using wildcard domain
With nginx can I specify Access-Control-Allow-Origin using a wildcard like *.mydomain.com?
Would it look like:
add_header Access-Control-Allow-Origin *.mydomain.com;
Thanks.
4 votes, 1 answer, 3k views
Hide/Replace Nginx Location Header?
I am trying to pass a PCI compliance test, and I'm getting a single "high risk vulnerability".
The problem is described as:
Information on the machine which a web server is located is sometimes ...