From 116ab3b1c229ac9d4b33111e3f7d29d82152fe9a Mon Sep 17 00:00:00 2001
From: Kaloyan Nikolow <tzerber@gmail.com>
Date: Mon, 29 Sep 2025 17:09:32 +0300
Subject: [PATCH] Sync Nginx config with upstream docs

Signed-off-by: Kaloyan Nikolow <tzerber@gmail.com>
---
 .examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf  | 4 +---
 .examples/docker-compose/insecure/postgres/fpm/web/nginx.conf | 4 +---
 .../with-nginx-proxy/postgres/fpm/web/nginx.conf              | 4 +---
 3 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
index 0d67b8b0..32c58209 100644
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,7 +161,7 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
@@ -176,7 +175,6 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {
diff --git a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
index 0d67b8b0..32c58209 100644
--- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,7 +161,7 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
@@ -176,7 +175,6 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {
diff --git a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
index f3f90640..0d736d8c 100644
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,7 +161,7 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
@@ -176,7 +175,6 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {