@@ -6,10 +6,9 @@ upstream php-handler {
66# Set the `immutable` cache control options only for assets with a cache busting `v` argument
77map $arg_v $asset_immutable {
88 "" "";
9- default "immutable";
9+ default ", immutable";
1010}
1111
12-
1312server {
1413 listen 80;
1514 listen [::]:80;
@@ -79,13 +78,14 @@ server {
7978 # Remove X-Powered-By, which is an information leak
8079 fastcgi_hide_header X-Powered-By;
8180
82- # Add .mjs as a file extension for javascript
81+ # Set .mjs and .wasm MIME types
8382 # Either include it in the default mime.types list
84- # or include you can include that list explicitly and add the file extension
83+ # and include that list explicitly or add the file extension
8584 # only for Nextcloud like below:
8685 include mime.types;
8786 types {
8887 text/javascript js mjs;
88+ application/wasm wasm;
8989 }
9090
9191 # Specify how to handle directories -- specifying `/index.php$request_uri`
@@ -167,12 +167,15 @@ server {
167167 # Serve static files
168168 location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
169169 try_files $uri /index.php$request_uri;
170- add_header Cache-Control "public, max-age=15778463, $asset_immutable";
170+ # HTTP response headers borrowed from Nextcloud `.htaccess`
171+ add_header Cache-Control "public, max-age=15778463$asset_immutable";
172+ add_header Referrer-Policy "no-referrer" always;
173+ add_header X-Content-Type-Options "nosniff" always;
174+ add_header X-Frame-Options "SAMEORIGIN" always;
175+ add_header X-Permitted-Cross-Domain-Policies "none" always;
176+ add_header X-Robots-Tag "noindex, nofollow" always;
177+ add_header X-XSS-Protection "1; mode=block" always;
171178 access_log off; # Optional: Don't log access to assets
172-
173- location ~ \.wasm$ {
174- default_type application/wasm;
175- }
176179 }
177180
178181 location ~ \.woff2?$ {
0 commit comments