31 lines
1.3 KiB
YAML
31 lines
1.3 KiB
YAML
http:
|
|
middlewares:
|
|
middlewares-secure-headers:
|
|
headers:
|
|
accessControlAllowMethods:
|
|
- GET
|
|
- OPTIONS
|
|
- PUT
|
|
accessControlMaxAge: 100
|
|
hostsProxyHeaders:
|
|
- "X-Forwarded-Host"
|
|
sslRedirect: true
|
|
stsSeconds: 63072000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
forceSTSHeader: true
|
|
# frameDeny: true #overwritten by customFrameOptionsValue
|
|
customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
# sslForceHost: true # add sslHost to all of the services
|
|
# sslHost: "example.com"
|
|
referrerPolicy: "same-origin"
|
|
# Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
|
|
# the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
|
|
# contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
|
|
featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
|
|
customResponseHeaders:
|
|
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
|
|
server: ""
|
|
|