set x-content-type-options headers for blob and block in nginx example

pull/1/head
ansuz 3 years ago
parent 9ae4101ea2
commit 16b843c2c8

@ -204,6 +204,7 @@ server {
add_header 'Content-Length' 0; add_header 'Content-Length' 0;
return 204; return 204;
} }
add_header X-Content-Type-Options nosniff;
add_header Cache-Control max-age=31536000; add_header Cache-Control max-age=31536000;
add_header 'Access-Control-Allow-Origin' "${allowed_origins}"; add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
@ -216,6 +217,7 @@ server {
# these payloads are unlocked via login credentials. They are mutable # these payloads are unlocked via login credentials. They are mutable
# and are thus never cached. They're small enough that it doesn't matter, in any case. # and are thus never cached. They're small enough that it doesn't matter, in any case.
location ^~ /block/ { location ^~ /block/ {
add_header X-Content-Type-Options nosniff;
add_header Cache-Control max-age=0; add_header Cache-Control max-age=0;
try_files $uri =404; try_files $uri =404;
} }

Loading…
Cancel
Save