From 10d9cc6a796dc81f660e3fdf3c50b94d081d5b0f Mon Sep 17 00:00:00 2001
From: MichaIng
Date: Wed, 15 Feb 2023 17:49:55 +0100
Subject: [PATCH] Replace X-Robots-Tag header value with "noindex, nofollow"
For reference: https://github.com/nextcloud/server/pull/36689
Signed-off-by: MichaIng
---
 admin_manual/installation/harden_server.rst | 4 ++--
 admin_manual/installation/nginx-root.conf.sample | 14 +++++++-------
 admin_manual/installation/nginx-subdir.conf.sample | 14 +++++++-------
 3 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/admin_manual/installation/harden_server.rst b/admin_manual/installation/harden_server.rst
index 64bf428b8..5cfecc6c3 100644
--- a/admin_manual/installation/harden_server.rst
+++ b/admin_manual/installation/harden_server.rst
@@ -197,8 +197,8 @@ These include:
 - Instructs some browsers to not sniff the mimetype of files. This is used for example to prevent browsers from interpreting text files as JavaScript.
 - ``X-XSS-Protection: 1; mode=block``
 - Instructs browsers to enable their browser side Cross-Site-Scripting filter.
-- ``X-Robots-Tag: none``
- - Instructs search machines to not index these pages.
+- ``X-Robots-Tag: noindex, nofollow``
+ - Instructs search machines to not index these pages and not follow any links there.
 - ``X-Frame-Options: SAMEORIGIN``
 - Prevents embedding of the Nextcloud instance within an iframe from other domains to prevent Clickjacking and other similar attacks.
 - ``Referrer-Policy: no-referrer``
diff --git a/admin_manual/installation/nginx-root.conf.sample b/admin_manual/installation/nginx-root.conf.sample
index d82881841..865a4332e 100644
--- a/admin_manual/installation/nginx-root.conf.sample
+++ b/admin_manual/installation/nginx-root.conf.sample
@@ -69,13 +69,13 @@ server {
 client_body_buffer_size 512k;
 # HTTP response headers borrowed from Nextcloud `.htaccess`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
diff --git a/admin_manual/installation/nginx-subdir.conf.sample b/admin_manual/installation/nginx-subdir.conf.sample
index f0abad771..703de9f83 100644
--- a/admin_manual/installation/nginx-subdir.conf.sample
+++ b/admin_manual/installation/nginx-subdir.conf.sample
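Review bot: These seven `add_header` lines are declared at `server` level, and nginx inherits `add_header` only into a `location` that declares none of its own, so any location outside this hunk that sets its own header (a `Cache-Control` for static assets, say) would send responses without the whole set. The sample gives no hint of this, and admins who extend it can lose the hardening headers without noticing. I would add a line under the existing comment, e.g. `# Not inherited by a location that has its own add_header; repeat these there`. The same applies to the identical block in nginx-subdir.conf.sample; the server block starts and ends outside both hunks.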
@@ -92,13 +92,13 @@ server {
 client_body_buffer_size 512k;
 # HTTP response headers borrowed from Nextcloud `.htaccess`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
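Review bot: The `X-Robots-Tag` line in this hunk gives no hint that its value is coupled to the server-side change linked in the commit message (nextcloud/server#36689). If the server's security-header check compares the value literally (not visible from this patch, so worth confirming), an admin who applies this sample to an older release, or keeps the old `none` on a newer one, would get a setup warning with no pointer to the cause. A comment above the line such as `# Must match the value the Nextcloud setup check expects (see nextcloud/server#36689)` would make the dependency explicit, and it fits the nginx-root sample as well. The header is also only advisory to crawlers, so the hardening guide should not present it as a substitute for access control.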