Update pleroma.nginx

[akkoma] / installation / pleroma.nginx

diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
index 895799a8edc81750d39aa40822c78c05c05448f0..42323dd955b0d6def6287d0bb2cf44e246c77b24 100644 (file)
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -52,13 +52,24 @@ server {
         # if you do not want remote frontends to be able to access your Pleroma backend
         # server, remove these lines.
         add_header 'Access-Control-Allow-Origin' '*' always;
-        add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
-        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
+        add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
+        add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
         if ($request_method = OPTIONS) {
             return 204;
         }
         # stop removing lines here.
 
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Permitted-Cross-Domain-Policies none;
+        add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        add_header Referrer-Policy same-origin;
+        add_header X-Download-Options noopen;
+        
+        # Uncomment this only after you get HTTPS working.
+        # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -72,6 +83,7 @@ server {
     location /proxy {
         proxy_cache pleroma_media_cache;
         proxy_cache_lock on;
+        proxy_ignore_client_abort on;
         proxy_pass http://localhost:4000;
     }
 }