jake/mastodon-utils
1
Fork 0
mirror of https://github.com/jakejarvis/mastodon-utils.git synced 2025-04-25 22:45:22 -04:00
Code Issues Releases Wiki Activity

override Referrer-Policy response header

Browse Source
This commit is contained in:
Jake Jarvis 2022-12-10 13:56:35 -05:00
parent a061a510ee
commit de1edc8fe0
Signed by: jake
GPG Key ID: 2B0C9CF251E69A39
1 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
etc/nginx/sites-available/mastodon.conf
View File

@ -87,55 +87,55 @@ server {
# then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
location = /sw.js {
add_header Cache-Control "public, max-age=604800, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/assets/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/avatars/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/emoji/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/headers/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/packs/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/shortcuts/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/sounds/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/system/ {
add_header Cache-Control "public, max-age=2419200, immutable";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
@ -153,11 +153,10 @@ server {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
# jake: added (debugging)
add_header Via $proxy_host;
add_header X-Got-Milk "2%";
add_header Via "1.1 $proxy_host" always;
tcp_nodelay on;
}
@ -183,10 +182,14 @@ server {
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
# jake: added (security)
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy "strict-origin" always;
# jake: added (debugging)
add_header Via $proxy_host;
add_header X-Cache-Status $upstream_cache_status;
add_header X-Got-Milk "2%";
add_header Via "1.1 $proxy_host" always;
add_header X-Cache-Status $upstream_cache_status always;
add_header X-Got-Milk "2%" always;
tcp_nodelay on;
}