nginx: disable deprecated X-XSS-Protection
authorJulien Moutinho <julm+julm-nix@sourcephile.fr>
Sat, 20 Apr 2024 21:08:53 +0000 (23:08 +0200)
committerJulien Moutinho <julm+julm-nix@sourcephile.fr>
Sat, 20 Apr 2024 21:08:53 +0000 (23:08 +0200)
nixos/profiles/services/nginx.nix

index 36c9c76af3b006ad304235ce0a2549e693f4490d..559fb2800c34fbf098de903d12a00a983af08381 100644 (file)
@@ -30,7 +30,7 @@ in
         # whenever upstream uses a list instead of a string.
         LogsDirectory = lib.mkForce [ "nginx" ];
         StateDirectory = [ "nginx" ];
-        StateDirectoryMode = "2770";
+        StateDirectoryMode = "2771";
         #BindPaths = ["/dev/shm/nginx:/var/cache/nginx"];
       };
     };
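Review bot: The change of `StateDirectoryMode` from `2770` to `2771` grants every local account search (execute) permission on the nginx state directory, and neither the commit title nor the hunk says why. With the traverse bit set for others, any file or subdirectory below it that has a permissive mode of its own becomes reachable by path, so the reason should sit next to the setting, e.g. `# o+x: <service/user> must traverse the nginx state directory to reach <path>`. If only one service needs the access, adding it to the nginx group and keeping `2770` would presumably be the narrower fix. The enclosing attribute set begins outside the hunk, so check there whether another option already covers this.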
@@ -86,7 +86,8 @@ in
 
           # Enable XSS protection of the browser.
           # May be unnecessary when CSP is configured properly (see above)
-          add_header X-XSS-Protection "1; mode=block";
+          # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+          #add_header X-XSS-Protection "1; mode=block";
 
           # Minimize information leaked to other domains
           add_header 'Referrer-Policy' 'origin-when-cross-origin';
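Review bot: Commenting out the `add_header` line leaves the two comment lines above it ("Enable XSS protection of the browser", "May be unnecessary when CSP is configured properly") describing behaviour that no longer exists. It also leaves legacy browsers that still ship an XSS auditor on their own default, rather than switching the auditor off. The MDN page linked in the hunk documents `0` as the value that disables filtering, so `add_header X-XSS-Protection "0";` would state the intent explicitly, with the comment reworded to something like `# Explicitly disable the deprecated browser XSS auditor; CSP (see above) is the XSS mitigation`. The CSP referred to as "see above" lies outside this hunk and is now the only XSS-related header set here, so confirm it is actually sent on every location, since nginx drops inherited `add_header` directives in any block that declares its own.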