站点 Logo
一颗小树
32
首页
菜单
日常

关于rhex响应头问题

代号9527
·1小时前

Nginx 添加安全响应头

ts
// add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
add_header Content-Security-Policy "default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' https: wss:; frame-ancestors 'self';" always;
add_header Strict-Transport-Security "max-age=31536000" always;

示例位置

ts
// server {
    listen 443 ssl;
    listen 443 quic;
    http2 on;
    http3 on;

    server_name bbs.anbye.com;

    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

    add_header Content-Security-Policy "default-src 'self'; img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' https: wss:; frame-ancestors 'self';" always;

    add_header Strict-Transport-Security "max-age=31536000" always;

    root /www/wwwroot/bbs.anbye.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

搜索配置配置 保留这个
add_header Strict-Transport-Security "max-age=31536000" always;
删除这个
add_header Strict-Transport-Security "max-age=31536000";

Nginx 兜底隐藏 x-powered-by

ts
// proxy_hide_header X-Powered-By;

示例位置

ts
// location / {
    proxy_hide_header X-Powered-By;

    proxy_pass http://127.0.0.1:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

什么也没有

回复讨论
0

登录后可参与回复讨论。

当前还没有回复,欢迎成为第一个参与讨论的人。

文明发言,理性讨论