From 650829aea9766151dd2b60144cc2073ede4b7c4c Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Wed, 23 Sep 2015 17:49:17 +0300
Subject: [PATCH] nginx: add Upgrade Insecure Requests

http://caniuse.com/#feat=upgradeinsecurerequests
---
 etc/nginx/sites-enabled/host | 1 +
 etc/nginx/sites-enabled/rproxy | 1 +
 etc/nginx/sites-enabled/vhost | 1 +
 3 files changed, 3 insertions(+)

diff --git a/etc/nginx/sites-enabled/host b/etc/nginx/sites-enabled/host
index e9dafaf7..cebbac63 100644
--- a/etc/nginx/sites-enabled/host
+++ b/etc/nginx/sites-enabled/host
@@ -33,6 +33,7 @@ server {
 # Enable this if your want HSTS (recommended)
 add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
 add_header X-Frame-Options SAMEORIGIN;
+ add_header Content-Security-Policy upgrade-insecure-requests;
 # OCSP Stapling ---
 # fetch OCSP records from URL in ssl_certificate and cache them
diff --git a/etc/nginx/sites-enabled/rproxy b/etc/nginx/sites-enabled/rproxy
index 988b9a2e..d8c2a199 100644
--- a/etc/nginx/sites-enabled/rproxy
+++ b/etc/nginx/sites-enabled/rproxy
@@ -7,6 +7,7 @@ server {
 # Enable this if your want HSTS (recommended)
 add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
 add_header X-Frame-Options SAMEORIGIN;
+ add_header Content-Security-Policy upgrade-insecure-requests;
 server_name something.example.org;
diff --git a/etc/nginx/sites-enabled/vhost b/etc/nginx/sites-enabled/vhost
index c7c09cb2..c27d1dcf 100644
--- a/etc/nginx/sites-enabled/vhost
+++ b/etc/nginx/sites-enabled/vhost
@@ -9,6 +9,7 @@ server {
 # Enable this if your want HSTS (recommended)
 add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
 add_header X-Frame-Options SAMEORIGIN;
+ add_header Content-Security-Policy upgrade-insecure-requests;
 root /var/www/vhostdir;
 index index.php index.html index.htm;
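Review bot: The added `add_header Content-Security-Policy upgrade-insecure-requests;` in the host hunk (and the identical lines in the rproxy and vhost hunks) is set at server level without `always`, so nginx attaches it only to success and redirect responses and leaves it off error pages. Where the deployed nginx supports it, `add_header Content-Security-Policy upgrade-insecure-requests always;` closes that gap. The header is also inherited by a `location` only when that location declares no `add_header` of its own; the server blocks continue outside all three hunks, so any location that sets its own headers should be checked, since it would drop this header along with HSTS and X-Frame-Options. A comment next to the existing HSTS one would help, e.g. `# Ask browsers to fetch http:// subresources over https; there is no fallback to http if that fetch fails, and browsers without support ignore it`. This is the only CSP directive sent, so it rewrites request schemes and restricts no script or content sources.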