From 6996e5ad0f9ab335eba546e0406093676240ed66 Mon Sep 17 00:00:00 2001 From: Andrew Simonson Date: Sun, 29 Jan 2023 13:29:39 -0600 Subject: [PATCH] pain *and* suffering --- flask.conf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/flask.conf b/flask.conf index 393c53f..84c919a 100644 --- a/flask.conf +++ b/flask.conf @@ -2,12 +2,16 @@ server { listen 8080; server_name _; + add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' *.chesscomfiles.com *.chess.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com ajax.googleapis.com;"; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Content-Type-Options 'nosniff'; + add_header X-Frame-Options 'SAMEORIGIN'; + location / { proxy_pass http://localhost:5000/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } - path https://$server_name$request_uri; return 301 https://$host$request_uri;
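Review bot: The added Content-Security-Policy puts `'unsafe-inline'` in `default-src`, so it also governs scripts and the policy no longer blocks injected inline script. If only inline styles need it, scope it with `style-src 'self' 'unsafe-inline'` and give `script-src` its own explicit host list, using nonces or hashes for any inline script that must stay. Of the four new headers only Strict-Transport-Security carries `always`, so nginx omits the other three on 4xx/5xx responses; add it to each, e.g. `add_header X-Content-Type-Options 'nosniff' always;`. The HSTS header is set on the `listen 8080` server, which shows no `ssl` in the visible lines, and browsers ignore HSTS received over plain HTTP, so it presumably belongs on whichever server terminates TLS. The `server` block's closing lines are not visible in this hunk.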