From e5fd95c5ffb175dcae2c2232461f8461c931dfd0 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 14 Feb 2021 09:29:59 -0500
Subject: [PATCH] use relative include for security headers

---
 nginx/nginx.conf | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 694ac76f..4511fb1c 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -82,7 +82,7 @@ http {
 
         root /var/empty;
 
-        include /etc/nginx/snippets/security-headers.conf;
+        include snippets/security-headers.conf;
 
         return 301 https://grapheneos.org$request_uri;
     }
@@ -94,7 +94,7 @@ http {
 
         root /var/empty;
 
-        include /etc/nginx/snippets/security-headers.conf;
+        include snippets/security-headers.conf;
 
         return 302 https://github.com/GrapheneOS/Vanadium;
     }
@@ -108,7 +108,7 @@ http {
         error_page 403 =404 /404.html;
         error_page 404 /404.html;
 
-        include /etc/nginx/snippets/security-headers.conf;
+        include snippets/security-headers.conf;
         gzip_static on;
         brotli_static on;
 
@@ -217,24 +217,24 @@ http {
         }
 
         location ~ "\.(ico|webmanifest)$" {
-            include /etc/nginx/snippets/security-headers.conf;
+            include snippets/security-headers.conf;
             add_header Cache-Control "public, max-age=604800";
         }
 
         location ~ "\.(css|js|mjs|svg)$" {
-            include /etc/nginx/snippets/security-headers.conf;
+            include snippets/security-headers.conf;
             add_header Cache-Control "public, max-age=31536000";
         }
 
         location ~ "\.(png|woff2)$" {
-            include /etc/nginx/snippets/security-headers.conf;
+            include snippets/security-headers.conf;
             add_header Cache-Control "public, max-age=31536000";
             gzip_static off;
             brotli_static off;
         }
 
         location ~ "\.(atom|json|pdf|txt|xml)$" {
-            include /etc/nginx/snippets/security-headers.conf;
+            include snippets/security-headers.conf;
             add_header Cache-Control "public, max-age=1800";
         }
 
@@ -248,7 +248,7 @@ http {
         }
 
         location = /install/web {
-            include /etc/nginx/snippets/security-headers-base.conf;
+            include snippets/security-headers-base.conf;
             add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'" always;
             add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), xr-spatial-tracking=()" always;
             add_header Cache-Control "public, max-age=1800";
@@ -257,7 +257,7 @@ http {
         }
 
         location / {
-            include /etc/nginx/snippets/security-headers.conf;
+            include snippets/security-headers.conf;
             add_header Cache-Control "public, max-age=1800";
             try_files $uri $uri.html $uri/ =404;
             http2_push /grapheneos.css?29;
@@ -281,7 +281,7 @@ http {
 
         root /var/www/mta-sts;
 
-        include /etc/nginx/snippets/security-headers.conf;
+        include snippets/security-headers.conf;
     }
 
     server {