337 Commits

Author SHA1 Message Date
Daniel Micay
6aeda1a29e nginx: remove redundant tcp_nodelay option 2021-04-16 13:34:00 -04:00
Daniel Micay
2632df2a2f remove obsolete mask icon redirects 2021-04-16 08:42:48 -04:00
Daniel Micay
39c0b55422 finish setting up CORP headers and document issues 2021-04-15 04:37:25 -04:00
Daniel Micay
56d73685e3 avoid breaking image hotlinking for now 2021-04-15 04:23:34 -04:00
Daniel Micay
e7f6cff9c2 remove legacy mstile redirects 2021-04-15 03:23:50 -04:00
Daniel Micay
682c078830 simplify error page configuration 2021-04-14 23:41:03 -04:00
Daniel Micay
d069da17c8 set CORP header for error responses too 2021-04-14 23:30:01 -04:00
Daniel Micay
c7d1bdce2e expand same-origin CORP header usage 2021-04-14 23:08:44 -04:00
Daniel Micay
2f61719328 mark js/mjs as immutable too 2021-04-11 23:28:04 -04:00
Daniel Micay
42c521e38b expand same-origin CORP header usage 2021-03-31 14:50:36 -04:00
Daniel Micay
150b04c601 start deploying same-origin CORP conservatively 2021-03-30 13:17:46 -04:00
Daniel Micay
43949eb637 move static site root to /srv 2021-03-30 10:58:04 -04:00
Daniel Micay
19f1f9b700 move mta-sts data to /srv 2021-03-29 17:08:02 -04:00
Daniel Micay
ba1047b121 set immutable for woff2 cache headers 2021-03-27 09:05:58 -04:00
Daniel Micay
54845bd077 update naming for Roboto fonts 2021-03-27 09:02:36 -04:00
Daniel Micay
c3cd0bf24a set immutable for CSS cache header 2021-03-26 21:25:30 -04:00
Daniel Micay
342a31c06c automate CSS/JS cache busting 2021-03-26 21:03:34 -04:00
Daniel Micay
6160770d00 force cache revalidation for (unversioned) html 2021-03-26 19:32:22 -04:00
Daniel Micay
3cfe562892 enforce strict Trusted Types without policies 2021-03-26 13:44:32 -04:00
Daniel Micay
a0d93f3375 explicitly set SameSite for preload session cookie 2021-03-23 10:46:50 -04:00
Daniel Micay
a3b9058e10 work around legacy CSP handling by AV/extensions 2021-03-21 11:21:28 -04:00
Daniel Micay
aae0ac8edf replace legacy /install redirect 2021-03-06 22:38:39 -05:00
Daniel Micay
d12871ad4a add grapheneos.ovh domain 2021-03-01 11:48:03 -05:00
Daniel Micay
0ebc070231 fix redirect of mangled backlinks 2021-02-23 22:32:03 -05:00
Daniel Micay
038af56748 add svg logo to initial preload/push 2021-02-20 12:27:19 -05:00
Daniel Micay
f298ee4b2b use once per session preload / push 2021-02-15 04:23:56 -05:00
Daniel Micay
ba302d9f86 use a single Link header for preloading 2021-02-15 03:41:54 -05:00
Daniel Micay
0c006f9afd add preload headers for core fonts 2021-02-15 03:25:22 -05:00
Daniel Micay
08affd9558 make redirects more robust 2021-02-15 02:27:42 -05:00
Daniel Micay
e5fd95c5ff use relative include for security headers 2021-02-14 09:29:59 -05:00
Daniel Micay
796bb82e8f fix broken double slash redirect
nginx doesn't sanitize input to statements like return.
2021-02-14 09:19:04 -05:00
Daniel Micay
997f062ac6 add brotli static configuration 2021-02-14 00:45:30 -05:00
Daniel Micay
87e5622def switch to nginx user 2021-02-14 00:44:46 -05:00
Daniel Micay
2c3b0f28c0 add redirects to handle reversed order for install 2021-01-27 20:55:52 -05:00
Daniel Micay
ff49f1000d add mjs extension to nginx configuration 2021-01-27 20:29:33 -05:00
Daniel Micay
57f77c96cb drop support for obsolete Feature-Policy header
This has been replaced by Permissions-Policy.
2021-01-26 10:58:00 -05:00
Daniel Micay
154a0ee9dc fix typo in URL 2021-01-25 09:16:34 -05:00
Daniel Micay
4ff446e2d4 create an install directory with an index page 2021-01-24 11:27:08 -05:00
Daniel Micay
548b13c09d temporarily disable Trusted Types for web-install
This can be enabled again when the zip library supports it.
2021-01-23 20:56:05 -05:00
Daniel Micay
498e250eb2 allow search engines to index /web-install 2021-01-23 04:07:11 -05:00
Daniel Micay
795e3e2fdc increase types_hash_max_size to 4096 2021-01-20 10:19:04 -05:00
Daniel Micay
fadb840633 add grapheneos.info domain 2021-01-16 17:38:20 -05:00
Daniel Micay
1b0c6ea5e4 add grapheneos.com domain 2021-01-15 13:54:57 -05:00
Daniel Micay
ee25be54bf use more permissive X-Robots-Tag for web-install 2021-01-07 11:00:37 -05:00
Daniel Micay
fe063f50fe add foundation for WebUSB-based install page 2021-01-05 05:34:45 -05:00
Daniel Micay
011af9527f add redirects for URLs with extra slashes 2021-01-01 23:43:08 -05:00
Daniel Micay
a2a29e3809 set up nginx stub_status module 2021-01-01 03:01:51 -05:00
Daniel Micay
d0f56dc6ab document deprecated/obsolete headers 2020-12-31 21:31:07 -05:00
Daniel Micay
3ad973636d exact match for broken replacement character URL 2020-12-31 20:26:03 -05:00
Daniel Micay
469e30fbd9 only match end of path for brotli/gzip location 2020-12-31 20:17:25 -05:00