From 14ca3b9ce068e1426c61e150496c6f8ae333fa11 Mon Sep 17 00:00:00 2001
From: Minijackson
Date: Fri, 9 Dec 2022 15:23:28 +0100
Subject: nginx: disable default headers getting errors when overriden by virtual host
---
 usecases/server/nginx.nix | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
(limited to 'usecases/server')
diff --git a/usecases/server/nginx.nix b/usecases/server/nginx.nix
index c4c37fd..0e79a35 100644
--- a/usecases/server/nginx.nix
+++ b/usecases/server/nginx.nix
@@ -14,24 +14,24 @@ inputs:
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- commonHttpConfig = ''
- # Add HSTS header with preloading to HTTPS requests.
- # Adding this header to HTTP requests is discouraged
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
-
- add_header Strict-Transport-Security $hsts_header;
-
- add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
-
- add_header X-Frame-Options DENY;
-
- add_header X-Content-Type-Options nosniff;
-
- # Better to setup CSP, but nice default nonetheless
- add_header X-XSS-Protection "1; mode=block";
- '';
+ # commonHttpConfig = ''
+ # # Add HSTS header with preloading to HTTPS requests.
+ # # Adding this header to HTTP requests is discouraged
+ # map $scheme $hsts_header {
+ # https "max-age=31536000; includeSubdomains; preload";
+ # }
+ #
+ # add_header Strict-Transport-Security $hsts_header;
+ #
+ # add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
+ #
+ # add_header X-Frame-Options DENY;
+ #
+ # add_header X-Content-Type-Options nosniff;
+ #
+ # # Better to setup CSP, but nice default nonetheless
+ # add_header X-XSS-Protection "1; mode=block";
+ # '';
 sslDhparam = config.security.dhparams.params.nginx.path;
 };
--
cgit v1.2.3
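Review bot: With the whole `commonHttpConfig` block commented out, this module no longer sets `Strict-Transport-Security`, `X-Frame-Options`, `X-Content-Type-Options` or `Referrer-Policy` at the `http` level, and nothing in the hunk records why or when they should return. nginx inherits `add_header` from the outer level only when the current level declares none of its own, which is presumably the conflict the subject line refers to; the lasting fix is for virtual hosts that add headers to re-declare the defaults, not to drop them for every host. If the removal is meant to be temporary, replace the eighteen commented lines with a short marker such as `# FIXME: default security headers disabled; each virtualHost must set HSTS, X-Frame-Options, X-Content-Type-Options and Referrer-Policy itself`. When the block is restored, `X-XSS-Protection` can be left out, since that header is deprecated. The enclosing attribute set starts above the hunk, so whether another option already supplies these headers cannot be confirmed from here.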