From 3fb2bb691e88369560ea6fe8321eada5bdd7449e Mon Sep 17 00:00:00 2001
From: eric_G <46165813+ericgaspar@users.noreply.github.com>
Date: Thu, 19 Dec 2024 13:14:24 +0100
Subject: [PATCH] Update nginx.conf
---
 conf/nginx.conf | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 0b6c2fd1..f521457e 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,6 +1,7 @@
-# Add .mjs as a file extension for javascript
+# Set .mjs MIME types
 # Either include it in the default mime.types list
 # or include you can include that list explicitly and add the file extension
+# and include that list explicitly or add the file extension
 # only for Nextcloud like below:
 include mime.types;
 types {
@@ -54,8 +55,15 @@ location ^~ __PATH__/ {
 # for tunning hints
 client_body_buffer_size 512k;
- # HTTP response headers borrowed from Nextcloud `.htaccess`
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
 #more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
 more_set_headers "Referrer-Policy: no-referrer";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "X-Download-Options: noopen";
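Review bot: The stale line `# or include you can include that list explicitly and add the file extension` is left in place as context in the first hunk, so the comment above `include mime.types;` now contains both it and the added `# and include that list explicitly or add the file extension`. The two lines disagree ("and add" versus "or add"), and the old one is ungrammatical. It looks as if the added line was meant to replace the old one, so I would delete the old line and leave the block reading "Either include it in the default mime.types list / and include that list explicitly or add the file extension / only for Nextcloud like below:". The `types { … }` block itself continues outside the hunk.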
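Review bot: The new WARNING above the commented-out `Strict-Transport-Security` line covers only `preload`, but uncommenting that line as written also turns on `includeSubDomains`, which forces HTTPS on every subdomain of the host and is not mentioned. The value `max-age=15768000` is about six months, which is below the one-year minimum (`31536000`) that hstspreload.org requires, so the line as shipped would not qualify for the list it warns about. The wording "This option will add the domain to a hardcoded list" also overstates it, since the directive only signals consent and the domain still has to be submitted. I would add a comment line such as `# includeSubDomains applies the policy to every subdomain; remove it unless all of them serve HTTPS.` and either raise the example to `max-age=31536000` or drop `preload` from it. The enclosing `location ^~ __PATH__/` block starts and ends outside the hunk, so whether HSTS is already set at the server level cannot be checked from here.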