diff options
| author | Egor Kislitsyn <egor@kislitsyn.com> | 2018-12-06 19:55:58 +0700 |
|---|---|---|
| committer | Egor Kislitsyn <egor@kislitsyn.com> | 2018-12-06 19:55:58 +0700 |
| commit | 8b4397c704147bcc5ca12ab60dde32f2b6e11a41 (patch) | |
| tree | f1d26585be6673b495d3f4b8bea4deb5f0283d42 /installation/pleroma.vcl | |
| parent | 04a48286e69704bf83429b85dbcdb70863bdcff1 (diff) | |
| parent | 52ce368562de919f1806dfd5235642caf0666e16 (diff) | |
| download | pleroma-8b4397c704147bcc5ca12ab60dde32f2b6e11a41.tar.gz | |
Merge branch 'develop' into feature/compat/push-subscriptions
# Conflicts:
# lib/mix/tasks/sample_config.eex
# lib/pleroma/web/twitter_api/controllers/util_controller.ex
# mix.exs
# mix.lock
Diffstat (limited to 'installation/pleroma.vcl')
| -rw-r--r-- | installation/pleroma.vcl | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 74490be2a..63c1cb74d 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -119,13 +119,3 @@ sub vcl_pipe { set bereq.http.connection = req.http.connection; } } - -sub vcl_deliver { - set resp.http.X-Frame-Options = "DENY"; - set resp.http.X-XSS-Protection = "1; mode=block"; - set resp.http.X-Content-Type-Options = "nosniff"; - set resp.http.Referrer-Policy = "same-origin"; - set resp.http.Content-Security-Policy = "default-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://" + req.http.host + "; upgrade-insecure-requests;"; - # Uncomment this only after you get HTTPS working. - # set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains"; -} |