Fix CORS header

* additional security directives
2019-09-25 00:27:31 +02:00
parent 6b5cfbacd6
commit be4b3cfad2
4 changed files with 15 additions and 8 deletions
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -66,7 +66,7 @@ http {
 	more_set_headers "X-Frame-Options : SAMEORIGIN";
 	more_set_headers "X-Xss-Protection : 1; mode=block";
 	more_set_headers "X-Content-Type-Options : nosniff";
-	more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
+	more_set_headers "Referrer-Policy : no-referrer, strict-origin-when-cross-origin";
 	more_set_headers "X-Download-Options : noopen";

 	# oscp settings