From 2cb3b6ff7f08984939b55acbeb0d1354517bc0fa Mon Sep 17 00:00:00 2001
From: Rune Philosof <rp@abtion.com>
Date: Thu, 22 Aug 2024 10:45:35 +0200
Subject: [PATCH] Add header `X-Content-Type-Options "nosniff"`

https://infosec.mozilla.org/guidelines/web_security#x-content-type-options
> all sites must set the X-Content-Type-Options header and the appropriate MIME types for files that they serve.
---
 frontend/nginx.conf | 2 ++
 widget/nginx.conf   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index db5cb9b..579e326 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -5,6 +5,8 @@ upstream web {
 server {
   listen 80;
 
+  add_header X-Content-Type-Options "nosniff" always;
+
   location ~ ^/api(/?)(.*) {
     proxy_pass http://web/$2$is_args$args;
   }
diff --git a/widget/nginx.conf b/widget/nginx.conf
index d64c1a5..4b6c394 100644
--- a/widget/nginx.conf
+++ b/widget/nginx.conf
@@ -1,6 +1,8 @@
 server {
   listen 80;
 
+  add_header X-Content-Type-Options "nosniff" always;
+
   location / {
     root /usr/share/nginx/html/;
     include /etc/nginx/mime.types;