Add custom headers in vhost (moved from ssl helpers)

2026-02-24 09:03:29 +07:00 · 2016-03-15 10:51:14 +01:00
parent d223f8b144
commit 2ba906be2e
5 changed files with 11 additions and 5 deletions
--- a/templates/etc/nginx/helper/ssl-legacy.j2
+++ b/templates/etc/nginx/helper/ssl-legacy.j2
@@ -7,8 +7,6 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
 {% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
 ssl_stapling on;
 ssl_stapling_verify on;
--- a/templates/etc/nginx/helper/ssl-strong.j2
+++ b/templates/etc/nginx/helper/ssl-strong.j2
@@ -7,8 +7,6 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
-add_header X-Frame-Options DENY;
-add_header X-Content-Type-Options nosniff;
 {% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
 ssl_stapling on;
 ssl_stapling_verify on;
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -3,6 +3,7 @@
 {% set __listen = item.listen | default(['80']) %}
 {% set __listen_ssl = item.listen_ssl | default(['443']) %}
 {% set __location = item.location | default({}) %}
+{% set __headers = item.headers | default({'X-Frame-Options': 'DENY', 'X-Content-Type-Options': 'nosniff' }) %}
 {% macro htpasswd(htpasswd_name, indent=1) -%}
 {% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
 {{ "\t" * indent }}auth_basic "{{ ht.description }}";
@@ -57,6 +58,12 @@ server {
 {{ htpasswd(item.htpasswd, 1) }}
 {% endif %}

+	# --> Custom headers
+{% for key, value in __headers.iteritems() %}
+	add_header {{ key }} {{ value }};
+{% endfor %}
+	# <-- Custom headers
+
 {% if not __location.has_key('/') %}
 	location / {
 {% block template_try_files %}