From 3ddfc838023dbbcd6eb89509b37baed80114e6d6 Mon Sep 17 00:00:00 2001
From: Grigory Shipunov <blame@oxapentane.com>
Date: Sat, 14 Jan 2023 13:21:12 +0100
Subject: [PATCH] add strict transport security header

---
 microvms/nextcloud/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/microvms/nextcloud/default.nix b/microvms/nextcloud/default.nix
index e86ab53..93bb11d 100644
--- a/microvms/nextcloud/default.nix
+++ b/microvms/nextcloud/default.nix
@@ -34,6 +34,7 @@
         add_header X-Permitted-Cross-Domain-Policies    "none"          always;
         add_header X-Robots-Tag                         "none"          always;
         add_header X-XSS-Protection                     "1; mode=block" always;
+        add_header Strict-Transport-Security            "max-age=31536000; includeSubDomains" always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;