From 543f332da11e8e77b6150c0ab198ea812747e26f Mon Sep 17 00:00:00 2001
From: plowsof <plowsof@protonmail.com>
Date: Fri, 30 Aug 2024 11:25:16 +0100
Subject: [PATCH] Dockerfile_coolify: Added security and privacy-focused HTTP
 headers

- Implemented various HTTP headers to enhance security and privacy

Full credit to featherwallet.org for the header configuration + inspiration.
---
 Dockerfile_coolify | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Dockerfile_coolify b/Dockerfile_coolify
index c715547..b6b0e67 100644
--- a/Dockerfile_coolify
+++ b/Dockerfile_coolify
@@ -16,6 +16,12 @@ COPY --from=builder /monero-docs/public /usr/share/nginx/html
 RUN echo 'server { \
     listen 80; \
     add_header Onion-Location http://xmrdoc6phnvjbf5hmjbwdfu47zavzfngymlnwhs2gyxxpxmad4c65kyd.onion$request_uri; \
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; \
+    add_header Referrer-Policy "no-referrer"; \
+    add_header X-XSS-Protection "0"; \
+    add_header X-Frame-Options "DENY"; \
+    add_header X-Content-Type-Options "nosniff"; \
+    add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"; \
     root /usr/share/nginx/html; \
     index index.html index.htm; \
     error_page 404 /404.html; \