From 83bbbd7a22b577ea6c12b435b849f3170ef13214 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=82=A6=E9=82=A6=E9=82=A6=E9=82=A6?= <15622356989@163.com>
Date: Fri, 21 Mar 2025 16:25:07 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0nginx=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 deploy/nginx/nginx.conf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/deploy/nginx/nginx.conf b/deploy/nginx/nginx.conf
index 32fe457..4e8a802 100644
--- a/deploy/nginx/nginx.conf
+++ b/deploy/nginx/nginx.conf
@@ -98,7 +98,7 @@ http {
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
- add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-src 'none';";
+ add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-src 'none'";
 add_header Cache-Control "no-cache,no-store,must-revalidate";
 add_header Pragma no-cache;
 add_header Expires 0;
@@ -133,6 +133,15 @@ http {
 location /api-issues/ {
 proxy_set_header X-Forwarded-For $http_x_real_ip;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'";
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+ add_header Cache-Control "no-cache,no-store,must-revalidate";
+ add_header Pragma no-cache;
+ add_header Expires 0;
+
 proxy_pass https://ipb.osinfra.cn/;
 }
--
Gitee
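Review bot: The new server-level Content-Security-Policy line still lists `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, so the policy does little against injected script; dropping the trailing `;` leaves the effective policy as it was. If the front end can run without them, tighten it toward what the second hunk uses for `/api-issues/`, i.e. `script-src 'self'`, with nonces or hashes for any inline script that must stay; otherwise record the reason in a comment above the line, e.g. `# 'unsafe-inline'/'unsafe-eval' needed by <component>; remove when possible`. None of the `add_header` lines here, nor the eight added in the second hunk, carry `always`, so nginx attaches them only to its fixed list of success and redirect codes and 4xx/5xx responses go out without them; the form would be `add_header X-Content-Type-Options nosniff always;`. The enclosing block starts and ends outside the hunk.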
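Review bot: Declaring `add_header` inside `location /api-issues/` switches off inheritance for this location, because nginx takes the outer level's `add_header` set only when the current level defines none; any header set at server level before line 98 (outside the hunk) and not repeated in these eight lines is now dropped for `/api-issues/`, so the two lists should be compared. The upstream behind `proxy_pass` may already send some of these headers, which would yield duplicates unless they are removed with `proxy_hide_header`; that cannot be judged from the hunk. `X-XSS-Protection "1; mode=block"` addresses a browser filter that current browsers no longer ship, so the CSP line is what actually carries the protection here. The context line `proxy_set_header X-Forwarded-For $http_x_real_ip;` forwards a request header as received, so unless a trusted front proxy overwrites `X-Real-IP` the client chooses the address the upstream records; a comment such as `# X-Real-IP is set by <front proxy>; do not expose this server directly` would document that assumption.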