From ad43f908df5d685dd60aaddc92f2002ba3339ca8 Mon Sep 17 00:00:00 2001
From: schurzi
Date: Mon, 29 Nov 2021 10:25:43 +0100
Subject: [PATCH] prettify nginx options (#509)

Signed-off-by: Martin Schurz
---
 roles/nginx_hardening/defaults/main.yml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/roles/nginx_hardening/defaults/main.yml b/roles/nginx_hardening/defaults/main.yml
index f3bdc82d..fd121992 100644
--- a/roles/nginx_hardening/defaults/main.yml
+++ b/roles/nginx_hardening/defaults/main.yml
@@ -11,15 +11,15 @@ nginx_client_header_timeout: "10"
 nginx_send_timeout: "10"
 nginx_limit_conn_zone: "$binary_remote_addr zone=default:10m"
 nginx_limit_conn: "default 5"
-nginx_add_header: [
-# vvoid clickjacking
-"X-Frame-Options SAMEORIGIN",
-# disable content-type sniffing
-"X-Content-Type-Options nosniff",
-# XSS filter
-"X-XSS-Protection \"1; mode=block\"",
-"Strict-Transport-Security max-age=15768000",
-"Content-Security-Policy \"script-src 'self'; object-src 'self'\"" ]
+nginx_add_header:
+ # avoid clickjacking
+ - X-Frame-Options SAMEORIGIN
+ # disable content-type sniffing
+ - X-Content-Type-Options nosniff
+ # XSS filter
+ - X-XSS-Protection "1; mode=block"
+ - Strict-Transport-Security max-age=15768000
+ - Content-Security-Policy "script-src 'self'; object-src 'self'"
 nginx_set_cookie_flag: "* HttpOnly secure"
 nginx_ssl_prefer_server_ciphers: "on"