security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

set up preload and push for redirect.js

Browse Source
This commit is contained in:
Daniel Micay 2022-02-19 09:53:05 -05:00
parent 41a7027d92
commit 0786d86882
1 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
nginx/nginx.conf
View File

@ -74,7 +74,12 @@ http {
if_modified_since before; if_modified_since before;
map $uri $preload_resources_uri { map $uri $preload_resources_uri {
/index.html ", </phone.png>; rel=preload; as=image"; /index.html ", </phone.png>; rel=preload; as=image, <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}";
/faq.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}";
/install/cli.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}";
/install/web.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}";
/releases.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}";
/usage.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}";
} }
map $http_cookie $clear_legacy_push_cookie { map $http_cookie $clear_legacy_push_cookie {
@ -110,6 +115,10 @@ http {
0 /phone.png; 0 /phone.png;
} }
map $nopush $push_redirect_js {
0 "{{path|/js/redirect.js}}";
}
server { server {
listen 80 backlog=4096; listen 80 backlog=4096;
listen [::]:80 backlog=4096; listen [::]:80 backlog=4096;
@ -320,9 +329,28 @@ http {
add_header Cache-Control "public, no-cache"; add_header Cache-Control "public, no-cache";
include snippets/preload.conf; include snippets/preload.conf;
http2_push $push_phone; http2_push $push_phone;
http2_push $push_redirect_js;
try_files /index.html =404; try_files /index.html =404;
} }
location = /faq {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache";
include snippets/preload.conf;
http2_push $push_redirect_js;
try_files $uri.html =404;
}
location = /install/cli {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache";
include snippets/preload.conf;
http2_push $push_redirect_js;
try_files $uri.html =404;
}
location = /install/web { location = /install/web {
include snippets/security-headers-base.conf; include snippets/security-headers-base.conf;
add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always; add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always;
@ -330,6 +358,25 @@ http {
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache"; add_header Cache-Control "public, no-cache";
include snippets/preload.conf; include snippets/preload.conf;
http2_push $push_redirect_js;
try_files $uri.html =404;
}
location = /releases {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache";
include snippets/preload.conf;
http2_push $push_redirect_js;
try_files $uri.html =404;
}
location = /usage {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache";
include snippets/preload.conf;
http2_push $push_redirect_js;
try_files $uri.html =404; try_files $uri.html =404;
} }