From 698f1f377c443ef7ffe13072ad4ebcc7293b39e2 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Thu, 16 Mar 2023 08:12:46 +0100
Subject: [PATCH] Check
 https://attackshipsonfi.re/p/exploiting-cors-misconfigurations out

---
 core/nginx/conf/proxy.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/core/nginx/conf/proxy.conf b/core/nginx/conf/proxy.conf
index d0629b97..caad476b 100644
--- a/core/nginx/conf/proxy.conf
+++ b/core/nginx/conf/proxy.conf
@@ -16,3 +16,12 @@ proxy_hide_header X-Forwarded-Host;
 proxy_hide_header X-Forwarded-Server;
 proxy_hide_header X-Host;
 proxy_hide_header X-HTTP-Host-Override;
+
+proxy_hide_header X-Original-URL;
+proxy_hide_header X-Rewrite-URL;
+proxy_hide_header X-URL;
+
+proxy_hide_header X-HTTP-Method;
+proxy_hide_header X-HTTP-Method-Override;
+proxy_hide_header X-Method;
+proxy_hide_header X-Method-Override;