From 3d56a9014c210c48c8227a0449c2d32c2346388a Mon Sep 17 00:00:00 2001
From: Lucas <lucasroyer.dev@gmail.com>
Date: Fri, 23 Jan 2026 16:05:45 +0000
Subject: [PATCH] fix: improve nextcloud security

---
 Caddyfile | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/Caddyfile b/Caddyfile
index 778aa0f..7e4ae89 100755
--- a/Caddyfile
+++ b/Caddyfile
@@ -286,6 +286,16 @@ motsdepasse.interstices.pro {
 }
 
 nextcloud.lucasroyer.fr {
+	# Security
+    header {
+        X-Frame-Options "SAMEORIGIN"
+        X-Content-Type-Options "nosniff"
+        X-XSS-Protection "1; mode=block"
+        Referrer-Policy "no-referrer"
+        Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
+        -Server
+    }
+
 	# Large files
 	request_body {
 		max_size 10GB
@@ -303,7 +313,9 @@ nextcloud.lucasroyer.fr {
 	reverse_proxy nextcloud-web:80 {
 		header_up Host {host}
 		header_up X-Real-IP {remote_host}
-	}
+        header_down X-Frame-Options "SAMEORIGIN"
+        header_down X-Content-Type-Options "nosniff"
+    }
 }
 
 onlyoffice.lucasroyer.fr {