security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
6,082 Commits 2 Branches 4 Tags
Commit Graph

302 Commits

Author SHA1 Message Date
Daniel Micay
f66cae5a86 reduce reliance on try_files (inefficient) 2021-04-25 17:44:21 -04:00
Daniel Micay
36e63fcbef raise keepalive_timeout to prior HTTP/2 value 2021-04-23 20:49:08 -04:00
Daniel Micay
f3320a54d1 prefer ChaCha20 for clients without hardware AES 2021-04-23 16:31:17 -04:00
Daniel Micay
59cbca7083 update nginx configuration for 1.20.0 2021-04-23 15:54:16 -04:00
Daniel Micay
e4fcd76ece use 429 response code for conn limit 2021-04-19 15:43:41 -04:00
Daniel Micay
5e83027d04 disable unused Clipboard API features 2021-04-18 00:49:50 -04:00
Daniel Micay
1f027a3fce disable unused hid (WebHID API) feature 2021-04-18 00:40:47 -04:00
Daniel Micay
380e34f435 disable unused serial (Web Serial API) feature 2021-04-18 00:37:16 -04:00
Daniel Micay
3584a627f8 disable interest-cohort feature 2021-04-18 00:34:46 -04:00
Daniel Micay
8a392845a7 add missing qualifier for CORP header setting 2021-04-17 04:55:49 -04:00
Daniel Micay
d89ba6bbcf redirect mangled backlinks to /usage#updates 2021-04-17 04:21:36 -04:00
Daniel Micay
2efda9f4da redirect broken backlink to /faq 2021-04-17 04:18:24 -04:00
Daniel Micay
aff5f4def1 disable obsolete msie_padding feature 2021-04-17 03:57:32 -04:00
Daniel Micay
6d4a724f80 nginx: limit sendfile chunk size 2021-04-17 01:47:33 -04:00
Daniel Micay
c812d96b51 set keepalive_requests to match nginx mainline 2021-04-16 23:56:39 -04:00
Daniel Micay
6aeda1a29e nginx: remove redundant tcp_nodelay option 2021-04-16 13:34:00 -04:00
Daniel Micay
2632df2a2f remove obsolete mask icon redirects 2021-04-16 08:42:48 -04:00
Daniel Micay
39c0b55422 finish setting up CORP headers and document issues 2021-04-15 04:37:25 -04:00
Daniel Micay
56d73685e3 avoid breaking image hotlinking for now 2021-04-15 04:23:34 -04:00
Daniel Micay
e7f6cff9c2 remove legacy mstile redirects 2021-04-15 03:23:50 -04:00
Daniel Micay
682c078830 simplify error page configuration 2021-04-14 23:41:03 -04:00
Daniel Micay
d069da17c8 set CORP header for error responses too 2021-04-14 23:30:01 -04:00
Daniel Micay
c7d1bdce2e expand same-origin CORP header usage 2021-04-14 23:08:44 -04:00
Daniel Micay
2f61719328 mark js/mjs as immutable too 2021-04-11 23:28:04 -04:00
Daniel Micay
42c521e38b expand same-origin CORP header usage 2021-03-31 14:50:36 -04:00
Daniel Micay
150b04c601 start deploying same-origin CORP conservatively 2021-03-30 13:17:46 -04:00
Daniel Micay
43949eb637 move static site root to /srv 2021-03-30 10:58:04 -04:00
Daniel Micay
19f1f9b700 move mta-sts data to /srv 2021-03-29 17:08:02 -04:00
Daniel Micay
ba1047b121 set immutable for woff2 cache headers 2021-03-27 09:05:58 -04:00
Daniel Micay
54845bd077 update naming for Roboto fonts 2021-03-27 09:02:36 -04:00
Daniel Micay
c3cd0bf24a set immutable for CSS cache header 2021-03-26 21:25:30 -04:00
Daniel Micay
342a31c06c automate CSS/JS cache busting 2021-03-26 21:03:34 -04:00
Daniel Micay
6160770d00 force cache revalidation for (unversioned) html 2021-03-26 19:32:22 -04:00
Daniel Micay
3cfe562892 enforce strict Trusted Types without policies 2021-03-26 13:44:32 -04:00
Daniel Micay
a0d93f3375 explicitly set SameSite for preload session cookie 2021-03-23 10:46:50 -04:00
Daniel Micay
a3b9058e10 work around legacy CSP handling by AV/extensions 2021-03-21 11:21:28 -04:00
Daniel Micay
aae0ac8edf replace legacy /install redirect 2021-03-06 22:38:39 -05:00
Daniel Micay
d12871ad4a add grapheneos.ovh domain 2021-03-01 11:48:03 -05:00
Daniel Micay
0ebc070231 fix redirect of mangled backlinks 2021-02-23 22:32:03 -05:00
Daniel Micay
038af56748 add svg logo to initial preload/push 2021-02-20 12:27:19 -05:00
Daniel Micay
f298ee4b2b use once per session preload / push 2021-02-15 04:23:56 -05:00
Daniel Micay
ba302d9f86 use a single Link header for preloading 2021-02-15 03:41:54 -05:00
Daniel Micay
0c006f9afd add preload headers for core fonts 2021-02-15 03:25:22 -05:00
Daniel Micay
08affd9558 make redirects more robust 2021-02-15 02:27:42 -05:00
Daniel Micay
e5fd95c5ff use relative include for security headers 2021-02-14 09:29:59 -05:00
Daniel Micay
796bb82e8f fix broken double slash redirect 
nginx doesn't sanitize input to statements like return.
 2021-02-14 09:19:04 -05:00
Daniel Micay
997f062ac6 add brotli static configuration 2021-02-14 00:45:30 -05:00
Daniel Micay
87e5622def switch to nginx user 2021-02-14 00:44:46 -05:00
Daniel Micay
2c3b0f28c0 add redirects to handle reversed order for install 2021-01-27 20:55:52 -05:00
Daniel Micay
ff49f1000d add mjs extension to nginx configuration 2021-01-27 20:29:33 -05:00