From 5dc642ace12b3716c5f5cb6d4a07dcc9360b776f Mon Sep 17 00:00:00 2001
From: sakkiii
Date: Fri, 16 Apr 2021 14:45:04 +0530
Subject: [PATCH] Nginx element web: XSS protection & nosniff header

X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
---
 .../templates/nginx/conf.d/matrix-client-element.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
index f56d7fd59..5643af728 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
@@ -6,6 +6,8 @@
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 add_header X-Content-Type-Options nosniff;
 add_header X-Frame-Options SAMEORIGIN;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Content-Security-Policy "frame-ancestors 'none'";
 {% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %}
 {{- configuration_block }}
 {% endfor %}
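Review bot: The added `Content-Security-Policy "frame-ancestors 'none'"` line contradicts the `X-Frame-Options SAMEORIGIN` line two lines above it: browsers that understand `frame-ancestors` give it precedence over X-Frame-Options, so same-origin framing that the existing header permits is now refused, and this header is not mentioned in the commit message at all (which instead credits a nosniff header that was already present as context). Either align the two, e.g. `add_header Content-Security-Policy "frame-ancestors 'self'";`, or state explicitly in the commit message that framing is being tightened to none on purpose. On the `X-XSS-Protection "1; mode=block"` line, the commit message's own "legacy browsers" caveat deserves a comment in the template, since current browsers ignore the header and the auditor it enables has been removed from them; a note such as `# legacy-browser XSS auditor only; modern browsers ignore this header` would keep future readers from treating it as a real control. Neither new header carries `always`, so like the nosniff and X-Frame-Options lines they are omitted on error responses while the HSTS line above is not — worth either adding `always` or noting why the inconsistency is intended. The surrounding server block starts and ends outside the hunk, so any location-level `add_header` that would reset these headers is not visible here.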