security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

add redirects for query parameters with static HTML

Browse Source
This commit is contained in:
Daniel Micay 2024-04-20 13:21:06 -04:00
parent 0687ad9ee2
commit b132434929
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nginx/nginx.conf
View File

@ -379,6 +379,9 @@ http {
} }
location = /install/web { location = /install/web {
if ($request_uri ~ \?) {
rewrite ^(.*)$ $1? permanent;
}
include snippets/security-headers-base.conf; include snippets/security-headers-base.conf;
add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'" always; add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'" always;
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), sync-xhr=(), xr-spatial-tracking=()" always; add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), sync-xhr=(), xr-spatial-tracking=()" always;
@ -397,6 +400,9 @@ http {
} }
location ~ "/$" { location ~ "/$" {
if ($request_uri ~ \?) {
rewrite ^(.*)$ $1? permanent;
}
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache"; add_header Cache-Control "public, no-cache";
@ -452,6 +458,9 @@ http {
} }
location / { location / {
if ($request_uri ~ \?) {
rewrite ^(.*)$ $1? permanent;
}
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache"; add_header Cache-Control "public, no-cache";