chore: root commit of OWSAP security testing/tightening

2026-03-01 20:46:47 -06:00
parent 1645896e54
commit 079b8b9492
25 changed files with 1131 additions and 107 deletions
--- a/deploy/nginx/skymoneybudget.com.conf
+++ b/deploy/nginx/skymoneybudget.com.conf
@@ -17,6 +17,8 @@ server {
  # Security headers
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
  add_header X-Content-Type-Options "nosniff" always;
+  add_header X-Frame-Options "DENY" always;
+  add_header Content-Security-Policy "frame-ancestors 'none'" always;
  add_header Referrer-Policy "strict-origin-when-cross-origin" always;

  # Static web app