diff --git a/nextcloud/nextcloud.conf b/nextcloud/nextcloud.conf
index edb644a..665fd1f 100644
--- a/nextcloud/nextcloud.conf
+++ b/nextcloud/nextcloud.conf
@@ -26,13 +26,13 @@ server {
 #pagespeed off;
 # HTTP response headers borrowed from Nextcloud `.htaccess`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
@@ -73,8 +73,10 @@ server {
 # The rules in this block are an adaptation of the rules
 # in `.htaccess` that concern `/.well-known`.
- location = /.well-known/carddav { return 301 /remote.php/dav/; }
- location = /.well-known/caldav { return 301 /remote.php/dav/; }
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+ location = /.well-known/webfinger { return 301 /index.php/.well-known/webfinger/; }
+ location = /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
 # Let Nextcloud's API for `/.well-known` URIs handle all other
 # requests by passing them to the front-end controller.
@@ -131,4 +133,4 @@ server {
 location / {
 try_files $uri $uri/ /index.php$request_uri;
 }
-}
\ No newline at end of file
+}
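Review bot: The seven `add_header` lines in the first hunk sit at `server` level, and nginx inherits `add_header` only into a `location` that declares none of its own, so any block elsewhere in this file that sets, say, a cache header would answer without `X-Frame-Options`, `X-Content-Type-Options` and the rest. The remainder of the `server` block is outside this hunk, so whether that happens here cannot be confirmed from the diff; checking the response headers on a static asset would settle it, and moving the headers into an included snippet repeated in such locations would fix it. A comment above the block such as `# NOTE: a location with its own add_header does not inherit these; repeat or include them there` would keep later edits from silently dropping them. Separately, `X-XSS-Protection "1; mode=block"` drives a legacy browser filter that current browsers no longer implement, so confirm the deployed Nextcloud release still expects it before carrying it forward.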
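Review bot: The two redirects added in the second hunk disagree with each other and discard the query string: the webfinger target ends in `/` while the nodeinfo target does not, and `return 301` with a fixed URI does not append the request arguments, so a lookup carrying `?resource=...` would arrive at the front controller without it. If the trailing slash is not deliberate, the lines could read `location = /.well-known/webfinger { return 301 /index.php/.well-known/webfinger$is_args$args; }` and likewise for nodeinfo. The fall-through `return 301 /index.php$request_uri;` that the following comment describes is outside the hunk, so whether these exact-match entries are still needed next to it should be checked against the Nextcloud release in use.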