From dc063d6310129bd386430a98be7494d5712d192b Mon Sep 17 00:00:00 2001
From: Chris Hines <chris.hines@monash.edu>
Date: Wed, 23 Sep 2020 15:51:07 +1000
Subject: [PATCH] fix up the sv2 snippet

---
 nginx_snippets/sv2.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nginx_snippets/sv2.conf b/nginx_snippets/sv2.conf
index 3d79457..db79cb8 100644
--- a/nginx_snippets/sv2.conf
+++ b/nginx_snippets/sv2.conf
@@ -2,5 +2,10 @@ location ~ /.* {
         root /opt/strudel2/spa/sv2/;
         #alias /var/www/sv2/dist/sv2/;
         try_files $uri$args $uri$args/ $uri/ /index.html;
-}
+        add_header Content-Security-Policy "default-src 'self' *.cloud.cvl.org.au; style-src 'self' fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com";
+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+    	add_header X-Frame-Options "SAMEORIGIN";
+    	add_header X-XSS-Protection "1; mode=block";
+    	add_header X-Content-Type-Options "nosniff";
 
+}
-- 
GitLab