From c1fec9222e3f17ef446c7b8febe96fee45033bfd Mon Sep 17 00:00:00 2001
From: WrenIX
Date: Sat, 21 Sep 2024 11:49:35 +0200
Subject: [PATCH] fix(nextcloud): move all headers to values file

---
 charts/nextcloud/files/nginx.config.tpl | 15 ++++-----------
 charts/nextcloud/values.yaml | 11 +++++++++--
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/charts/nextcloud/files/nginx.config.tpl b/charts/nextcloud/files/nginx.config.tpl
index f541c705..91c4e09b 100644
--- a/charts/nextcloud/files/nginx.config.tpl
+++ b/charts/nextcloud/files/nginx.config.tpl
@@ -11,8 +11,10 @@ server {
  # will add the domain to a hardcoded list that is shipped
  # in all major browsers and getting removed from this list
  # could take several months.
- {{- with .Values.nginx.config.header.hsts }}
- add_header Strict-Transport-Security {{ . | quote }} always;
+ {{- range $name, $value := .Values.nginx.config.headers }}
+ {{- if $value }}
+ add_header {{ $name }} {{ $value | quote }} always;
+ {{- end }}
  {{- end }}
 
  # set max upload size
@@ -31,15 +33,6 @@ server {
  # with the `ngx_pagespeed` module, uncomment this line to disable it.
  #pagespeed off;
 
- # HTTP response headers borrowed from Nextcloud `.htaccess`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "noindex, nofollow" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
  # Remove X-Powered-By, which is an information leak
  fastcgi_hide_header X-Powered-By;
 
diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
index b10ec04d..9a865073 100644
--- a/charts/nextcloud/values.yaml
+++ b/charts/nextcloud/values.yaml
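Review bot: Switching the lookup from `.Values.nginx.config.header.hsts` to `.Values.nginx.config.headers` silently drops HSTS for any existing release that still sets the old key, because the old path is no longer read and the new default for Strict-Transport-Security is an empty string that the `{{- if $value }}` guard skips. A guard in the template would make the upgrade loud instead of quietly weakening transport security: `{{- with .Values.nginx.config.header }}{{ fail "nginx.config.header was renamed to nginx.config.headers; set headers.Strict-Transport-Security instead" }}{{- end }}`. Separately, `$name` is rendered into the add_header directive unquoted and unvalidated, so a values key containing whitespace or `;` would become a different directive or a broken config rather than a header. Restricting names inside the range with `{{- if not (regexMatch "^[A-Za-z0-9-]+$" $name) }}{{ fail (printf "nginx.config.headers: invalid header name %q" $name) }}{{- end }}` keeps that failure mode explicit. The enclosing `server {` block continues outside the hunk.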
@@ -328,7 +328,7 @@ nginx:
  config:
  # This generates the default nginx config as per the nextcloud documentation
  default: true
- header:
+ headers:
  # -- HSTS settings
  # WARNING: Only add the preload option once you read about
  # the consequences in https://hstspreload.org/. This option
@@ -336,7 +336,14 @@ nginx:
  # in all major browsers and getting removed from this list
  # could take several months.
  # example: hsts: "max-age=15768000; includeSubDomains; preload;"
- hsts:
+ "Strict-Transport-Security": ""
+ "Referrer-Policy": "no-referrer"
+ "X-Content-Type-Options": "nosniff"
+ "X-Download-Options": "noopen"
+ "X-Frame-Options": "SAMEORIGIN"
+ "X-Permitted-Cross-Domain-Policies": "none"
+ "X-Robots-Tag": "noindex, nofollow"
+ "X-XSS-Protection": "1; mode=block"
  custom:
  # custom: |-