diff options
| author | Hakaba Hitoyo <hakabahitoyo@example.com> | 2018-11-15 14:04:09 +0900 |
|---|---|---|
| committer | Hakaba Hitoyo <hakabahitoyo@example.com> | 2018-11-15 14:04:09 +0900 |
| commit | 5c8b8f6cb7212bd202924b535cd2a263416e78d4 (patch) | |
| tree | 07ad2b2dd44189ae14a1ff44ff5a98013143866b /installation/pleroma.vcl | |
| parent | 3484f687958f57ea5ce749135f78517ff12849d7 (diff) | |
| parent | cc45797f4e1765f5123c058166f6032c6a6556a0 (diff) | |
| download | pleroma-5c8b8f6cb7212bd202924b535cd2a263416e78d4.tar.gz pleroma-5c8b8f6cb7212bd202924b535cd2a263416e78d4.zip | |
Merge remote-tracking branch 'official/develop' into develop
Diffstat (limited to 'installation/pleroma.vcl')
| -rw-r--r-- | installation/pleroma.vcl | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 74490be2a..63c1cb74d 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -119,13 +119,3 @@ sub vcl_pipe { set bereq.http.connection = req.http.connection; } } - -sub vcl_deliver { - set resp.http.X-Frame-Options = "DENY"; - set resp.http.X-XSS-Protection = "1; mode=block"; - set resp.http.X-Content-Type-Options = "nosniff"; - set resp.http.Referrer-Policy = "same-origin"; - set resp.http.Content-Security-Policy = "default-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://" + req.http.host + "; upgrade-insecure-requests;"; - # Uncomment this only after you get HTTPS working. - # set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains"; -} |