From a78a99eafdbb544e9f83991edd540aca1a058b15 Mon Sep 17 00:00:00 2001
From: WrenIX <dev.github@wrenix.eu>
Date: Sat, 21 Sep 2024 12:03:26 +0200
Subject: [PATCH] chore(nextcloud): docs of new headers

---
 charts/nextcloud/README.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/charts/nextcloud/README.md b/charts/nextcloud/README.md
index 745b5231..e9e633a5 100644
--- a/charts/nextcloud/README.md
+++ b/charts/nextcloud/README.md
@@ -20,6 +20,7 @@ helm install my-release nextcloud/nextcloud
     * [Object Storage as Primary Storage Configuration](#object-storage-as-primary-storage-configuration)
     * [Persistence Configurations](#persistence-configurations)
     * [Metrics Configurations](#metrics-configurations)
+    * [Headers set on nginx](#headers-set-on-nginx)
     * [Probes Configurations](#probes-configurations)
 * [Cron jobs](#cron-jobs)
 * [Using the nextcloud docker image auto-configuration via env vars](#using-the-nextcloud-docker-image-auto-configuration-via-env-vars)
@@ -397,6 +398,34 @@ helm install --name my-release -f values.yaml nextcloud/nextcloud
 > **Tip**: You can use the default [values.yaml](values.yaml)
 
 
+### Headers set on NGINX
+
+It is possible to set any additional header
+
+| Parameter                    | Description                         | Default   |
+|------------------------------|-------------------------------------|-----------|
+| `nginx.config.headers.<key>` | Headers which are added with nginx  |           |
+
+
+Following keys are already set with this values:
+  - Referrer-Policy: `no-referrer`
+  - X-Content-Type-Options: `nosniff`
+  - X-Download-Options: `noopen`
+  - X-Frame-Options: `SAMEORIGIN`
+  - X-Permitted-Cross-Domain-Policies: `none`
+  - X-Robots-Tag: `noindex, nofollow`
+  - X-XSS-Protection: `1; mode=block`
+
+Maybe you like to set:
+  - Strict-Transport-Security: `max-age=15768000; includeSubDomains; preload;`
+> [!WARNING]
+> Only add the preload option once you read about
+> the consequences in https://hstspreload.org/. This option
+> will add the domain to a hardcoded list that is shipped
+> in all major browsers and getting removed from this list
+> could take several months.
+
+
 ### Probes Configurations
 
 The nextcloud deployment includes a series of different probes you can use to determine if a pod is ready or not. You can learn more in the [Configure Liveness, Readiness and Startup Probes Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/).