nginx.conf.erb

location / {
  add_header X-XSS-Protection "1; mode=block";
  add_header Content-Security-Policy "frame-ancestors 'none';default-src 'none'; img-src 'self' https://*.xiti.com; script-src 'self' https://cdn.jsdelivr.net https://tag.aticdn.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; font-src 'self'; manifest-src 'self'; object-src 'none'; base-uri 'self';  form-action 'self'; connect-src 'self'";
  add_header X-Frame-Options "DENY";
  add_header X-Content-Type-Options "nosniff";
  add_header Referrer-Policy "strict-origin";
  add_header Feature-Policy "camera 'self'; geolocation 'none'; midi 'none'; notifications 'none'; magnetometer 'none'; gyroscope 'none'; vibrate 'none'; payment 'none';";
  <% if ENV['BASIC_AUTH'] %>
  auth_basic           "Restricted Area";
  auth_basic_user_file .htpasswd;
  <% end %>
  proxy_set_header Host                   $http_host;
  proxy_set_header X-Forwarded-Host       $http_host;
  proxy_pass http://127.0.0.1:8080;
}