security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

set CORP header for error responses too

Browse Source
This commit is contained in:
Daniel Micay 2021-04-14 23:30:01 -04:00
parent c7d1bdce2e
commit d069da17c8
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nginx/nginx.conf
View File

@ -88,7 +88,7 @@ http {
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
return 301 https://grapheneos.org$request_uri;
}
@ -101,7 +101,7 @@ http {
root /var/empty;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
return 302 https://github.com/GrapheneOS/Vanadium;
}
@ -116,7 +116,7 @@ http {
error_page 404 /404.html;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
gzip_static on;
brotli_static on;
@ -213,14 +213,14 @@ http {
location = /404 {
internal;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
include snippets/preload.conf;
}
location = /404.html {
internal;
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
include snippets/preload.conf;
}
@ -231,13 +231,13 @@ http {
location ~ "\.(ico|webmanifest)$" {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, max-age=604800";
}
location ~ "\.(css|js|mjs)$" {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, max-age=31536000, immutable";
}
@ -248,7 +248,7 @@ http {
location ~ "\.woff2$" {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, max-age=31536000, immutable";
gzip_static off;
brotli_static off;
@ -274,7 +274,7 @@ http {
include snippets/security-headers-base.conf;
add_header Content-Security-Policy "default-src 'none'; child-src 'self'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always;
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), xr-spatial-tracking=()" always;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache";
include snippets/preload.conf;
try_files $uri.html =404;
@ -282,7 +282,7 @@ http {
location / {
include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin";
add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Cache-Control "public, no-cache";
include snippets/preload.conf;
try_files $uri $uri.html $uri/ =404;