From 698f1f377c443ef7ffe13072ad4ebcc7293b39e2 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Thu, 16 Mar 2023 08:12:46 +0100
Subject: [PATCH] Check https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out
---
 core/nginx/conf/proxy.conf | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/core/nginx/conf/proxy.conf b/core/nginx/conf/proxy.conf
index d0629b97..caad476b 100644
--- a/core/nginx/conf/proxy.conf
+++ b/core/nginx/conf/proxy.conf
@@ -16,3 +16,12 @@ proxy_hide_header X-Forwarded-Host;
 proxy_hide_header X-Forwarded-Server;
 proxy_hide_header X-Host;
 proxy_hide_header X-HTTP-Host-Override;
+
+proxy_hide_header X-Original-URL;
+proxy_hide_header X-Rewrite-URL;
+proxy_hide_header X-URL;
+
+proxy_hide_header X-HTTP-Method;
+proxy_hide_header X-HTTP-Method-Override;
+proxy_hide_header X-Method;
+proxy_hide_header X-Method-Override;
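Review bot: The seven added `proxy_hide_header` lines only strip these fields from the upstream's response before it goes back to the client; they do not stop a client-supplied `X-Original-URL` or `X-HTTP-Method-Override` request header from being forwarded to the backend. If the intent (inferred from the header names and the linked article, not stated in the commit) is to keep a backend that honours such override headers from sidestepping path or method restrictions enforced at the proxy, the request side needs clearing, e.g. `proxy_set_header X-Original-URL "";` and likewise for the other six. `proxy_set_header` is inherited from the enclosing level only when the current level defines none, so check how each `location` that includes this file sets its own headers before relying on it. A short comment above each group saying which direction is filtered and why would also make the purpose reviewable.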