diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 3fd9d4e8..ad00fd68 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -89,37 +89,8 @@ http { /usage.html ", <{{path|/js/redirect.js}}>; rel=modulepreload; integrity={{integrity|/js/redirect.js}}"; } - map $http_cookie $nopush { - ~__Host-push=1 1; - default 0; - } - - map $nopush $push_cookie { - 0 "__Host-push=1; HttpOnly; Secure; SameSite=Lax; Path=/"; - } - - map $nopush $push_stylesheet { - 0 "{{path|/main.css}}"; - } - - map $nopush $push_font_regular { - 0 /fonts/roboto-v29-regular-latin.woff2; - } - - map $nopush $push_font_bold { - 0 /fonts/roboto-v29-bold-latin.woff2; - } - - map $nopush $push_mask_icon { - 0 "{{path|/mask-icon.svg}}"; - } - - map $nopush $push_phone { - 0 "{{path|/pixel-7-pro.svg}}"; - } - - map $nopush $push_redirect_js { - 0 "{{path|/js/redirect.js}}"; + map $http_cookie $clear_legacy_push_cookie { + ~__Host-push= "__Host-push=; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=0"; } server { @@ -339,43 +310,6 @@ http { default_type application/trafficadvice+json; } - location = / { - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cache-Control "public, no-cache"; - include snippets/preload.conf; - http2_push $push_phone; - http2_push $push_redirect_js; - try_files /index.html =404; - } - - location = /faq { - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cache-Control "public, no-cache"; - include snippets/preload.conf; - http2_push $push_redirect_js; - try_files $uri.html =404; - } - - location = /install/ { - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cache-Control "public, no-cache"; - include snippets/preload.conf; - http2_push $push_redirect_js; - try_files /install/index.html =404; - } - - location = /install/cli { - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cache-Control "public, no-cache"; - include snippets/preload.conf; - http2_push $push_redirect_js; - try_files $uri.html =404; - } - location = /install/web { include snippets/security-headers-base.conf; add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always; @@ -383,25 +317,6 @@ http { add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cache-Control "public, no-cache"; include snippets/preload.conf; - http2_push $push_redirect_js; - try_files $uri.html =404; - } - - location = /releases { - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cache-Control "public, no-cache"; - include snippets/preload.conf; - http2_push $push_redirect_js; - try_files $uri.html =404; - } - - location = /usage { - include snippets/security-headers.conf; - add_header Cross-Origin-Resource-Policy "same-origin" always; - add_header Cache-Control "public, no-cache"; - include snippets/preload.conf; - http2_push $push_redirect_js; try_files $uri.html =404; } diff --git a/nginx/snippets/preload.conf b/nginx/snippets/preload.conf index 96db1dc0..1e187441 100644 --- a/nginx/snippets/preload.conf +++ b/nginx/snippets/preload.conf @@ -1,6 +1,2 @@ add_header Link "<{{path|/main.css}}>; rel=preload; as=style; integrity={{integrity|/main.css}}, ; rel=preload; as=font; crossorigin, ; rel=preload; as=font; crossorigin, <{{path|/mask-icon.svg}}>; rel=preload; as=image$preload_resources_uri" always; -add_header Set-Cookie $push_cookie always; -http2_push $push_stylesheet; -http2_push $push_font_regular; -http2_push $push_font_bold; -http2_push $push_mask_icon; +add_header Set-Cookie $clear_legacy_push_cookie always;