From 0786d8688241da10e68a1b97f51b4ad3d9325450 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 19 Feb 2022 09:53:05 -0500 Subject: [PATCH] set up preload and push for redirect.js --- nginx/nginx.conf | 49 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index fc8e42ed..817b073e 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -74,7 +74,12 @@ http { if_modified_since before; map $uri $preload_resources_uri { - /index.html ", ; rel=preload; as=image"; + /index.html ", ; rel=preload; as=image, <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; + /faq.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; + /install/cli.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; + /install/web.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; + /releases.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; + /usage.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; } map $http_cookie $clear_legacy_push_cookie { @@ -110,6 +115,10 @@ http { 0 /phone.png; } + map $nopush $push_redirect_js { + 0 "{{path|/js/redirect.js}}"; + } + server { listen 80 backlog=4096; listen [::]:80 backlog=4096; @@ -320,9 +329,28 @@ http { add_header Cache-Control "public, no-cache"; include snippets/preload.conf; http2_push $push_phone; + http2_push $push_redirect_js; try_files /index.html =404; } + location = /faq { + include snippets/security-headers.conf; + add_header Cross-Origin-Resource-Policy "same-origin" always; + add_header Cache-Control "public, no-cache"; + include snippets/preload.conf; + http2_push $push_redirect_js; + try_files $uri.html =404; + } + + location = /install/cli { + include snippets/security-headers.conf; + add_header Cross-Origin-Resource-Policy "same-origin" always; + add_header Cache-Control "public, no-cache"; + include snippets/preload.conf; + http2_push $push_redirect_js; + try_files $uri.html =404; + } + location = /install/web { include snippets/security-headers-base.conf; add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always; @@ -330,6 +358,25 @@ http { add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cache-Control "public, no-cache"; include snippets/preload.conf; + http2_push $push_redirect_js; + try_files $uri.html =404; + } + + location = /releases { + include snippets/security-headers.conf; + add_header Cross-Origin-Resource-Policy "same-origin" always; + add_header Cache-Control "public, no-cache"; + include snippets/preload.conf; + http2_push $push_redirect_js; + try_files $uri.html =404; + } + + location = /usage { + include snippets/security-headers.conf; + add_header Cross-Origin-Resource-Policy "same-origin" always; + add_header Cache-Control "public, no-cache"; + include snippets/preload.conf; + http2_push $push_redirect_js; try_files $uri.html =404; }