From cb59013ef834f61ef9ead896926d3a778b31431f Mon Sep 17 00:00:00 2001
From: cupcakearmy <nicco.borgioli@gmail.com>
Date: Mon, 19 Aug 2019 12:47:55 +0200
Subject: [PATCH] more secure headers

---
 nginx.conf   | 6 ++++++
 package.json | 1 +
 2 files changed, 7 insertions(+)

diff --git a/nginx.conf b/nginx.conf
index ac04c58..0448085 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -2,6 +2,12 @@ server {
 	listen       80;
 	server_name  _;
 
+	add_header Content-Security-Policy "default-src 'self'; report-uri csp@nicco.io";
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-Frame-Options "deny";
+	add_header Strict-Transport-Security "max-age=31536000";
+	add_header Referrer-Policy "origin";
+
 	location / {
 		root   /usr/share/nginx/html;
 		try_files $uri /index.html;
diff --git a/package.json b/package.json
index 342518a..0c71193 100755
--- a/package.json
+++ b/package.json
@@ -4,6 +4,7 @@
     "build:dev": "webpack -d",
     "build:dev:watch": "webpack -d -w",
     "build:prod": "webpack -p",
+    "build:prod:watch": "webpack -p -w",
     "dev": "webpack-dev-server -d"
   },
   "dependencies": {