From 1693bd969b53b4d991f59b4257b0c42a665d14e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs?= <heckyel@hyperbola.info>
Date: Mon, 25 Oct 2021 15:17:48 -0500
Subject: nginx: headers only main nginx resolve the headers only in the NGINX
 that serves HTTPS and not in the container

---
 gitolite-cgit/entrypoint.sh | 11 -----------
 1 file changed, 11 deletions(-)

(limited to 'gitolite-cgit/entrypoint.sh')

diff --git a/gitolite-cgit/entrypoint.sh b/gitolite-cgit/entrypoint.sh
index e82154c..c1ec87f 100755
--- a/gitolite-cgit/entrypoint.sh
+++ b/gitolite-cgit/entrypoint.sh
@@ -328,17 +328,6 @@ EOF
     access_log off;
     error_log off;
 
-    # Aditional Security Headers
-
-    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-    add_header X-Frame-Options DENY always;
-
-    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-    add_header X-Content-Type-Options nosniff always;
-
-    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
-    add_header X-Xss-Protection "1; mode=block" always;
-
     root /usr/share/webapps/cgit;
     try_files \$uri @cgit;
 
-- 
cgit v1.2.3