From 684bd243265771e831f617b78364bda91f2d009e Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Sun, 30 Oct 2022 02:46:50 +0200
Subject: [PATCH] move 2 headers from python to nginx

---
 files/__main__.py | 2 --
 nginx.conf        | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/files/__main__.py b/files/__main__.py
index 8a4090b54..1172029e9 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -110,8 +110,6 @@ def before_request():
 
 @app.after_request
 def after_request(response):
-	response.headers.add("Strict-Transport-Security", "max-age=31536000")
-	response.headers.add("X-Frame-Options", "deny")
 	if response.status_code < 400:
 		g.db.commit()
 		g.db.close()
diff --git a/nginx.conf b/nginx.conf
index 2e57b6f4f..6a5b25a04 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -5,6 +5,8 @@ server {
 	listen [::]:80;
 	proxy_set_header Host $http_host;
 	add_header Referrer-Policy same-origin;
+	add_header Strict-Transport-Security "max-age=3153600";
+	add_header X-Frame-Options "deny";
 
 	location / {
 		proxy_pass http://localhost:5000/;