fix(nextcloud): move all headers to values file

nextcloud · Sep 21, 2024 · c1fec92 · c1fec92
1 parent 8d5e6e7
commit c1fec92
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 13 deletions.
diff --git a/charts/nextcloud/files/nginx.config.tpl b/charts/nextcloud/files/nginx.config.tpl
@@ -11,8 +11,10 @@ server {
     # will add the domain to a hardcoded list that is shipped
     # in all major browsers and getting removed from this list
     # could take several months.
-    {{- with .Values.nginx.config.header.hsts }}
-    add_header Strict-Transport-Security {{ . | quote }} always;
+    {{- range $name, $value := .Values.nginx.config.headers }}
+    {{- if $value }}
+    add_header {{ $name }} {{ $value | quote }} always;
+    {{- end }}
     {{- end }}
 
     # set max upload size
@@ -31,15 +33,6 @@ server {
     # with the `ngx_pagespeed` module, uncomment this line to disable it.
     #pagespeed off;
 
-    # HTTP response headers borrowed from Nextcloud `.htaccess`
-    add_header Referrer-Policy                      "no-referrer"       always;
-    add_header X-Content-Type-Options               "nosniff"           always;
-    add_header X-Download-Options                   "noopen"            always;
-    add_header X-Frame-Options                      "SAMEORIGIN"        always;
-    add_header X-Permitted-Cross-Domain-Policies    "none"              always;
-    add_header X-Robots-Tag                         "noindex, nofollow" always;
-    add_header X-XSS-Protection                     "1; mode=block"     always;
-
     # Remove X-Powered-By, which is an information leak
     fastcgi_hide_header X-Powered-By;
 

diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
@@ -328,15 +328,22 @@ nginx:
   config:
     # This generates the default nginx config as per the nextcloud documentation
     default: true
-    header:
+    headers:
       # -- HSTS settings
       # WARNING: Only add the preload option once you read about
       # the consequences in https://hstspreload.org/. This option
       # will add the domain to a hardcoded list that is shipped
       # in all major browsers and getting removed from this list
       # could take several months.
       # example: hsts: "max-age=15768000; includeSubDomains; preload;"
-      hsts:
+      "Strict-Transport-Security": ""
+      "Referrer-Policy": "no-referrer"
+      "X-Content-Type-Options": "nosniff"
+      "X-Download-Options": "noopen"
+      "X-Frame-Options": "SAMEORIGIN"
+      "X-Permitted-Cross-Domain-Policies": "none"
+      "X-Robots-Tag": "noindex, nofollow"
+      "X-XSS-Protection": "1; mode=block"
 
     custom:
     # custom: |-