You've already forked mastodon-utils
							
							
				mirror of
				https://github.com/jakejarvis/mastodon-utils.git
				synced 2025-10-25 15:15:48 -04:00 
			
		
		
		
	override Referrer-Policy response header
				
					
				
			This commit is contained in:
		| @@ -87,55 +87,55 @@ server { | ||||
|   # then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`. | ||||
|   location = /sw.js { | ||||
|     add_header Cache-Control "public, max-age=604800, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/assets/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/avatars/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/emoji/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/headers/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/packs/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/shortcuts/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/sounds/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, must-revalidate"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
|   location ~ ^/system/ { | ||||
|     add_header Cache-Control "public, max-age=2419200, immutable"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|     try_files $uri =404; | ||||
|   } | ||||
|  | ||||
| @@ -153,11 +153,10 @@ server { | ||||
|     proxy_set_header Upgrade $http_upgrade; | ||||
|     proxy_set_header Connection $connection_upgrade; | ||||
|  | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; | ||||
|     add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; | ||||
|  | ||||
|     # jake: added (debugging) | ||||
|     add_header Via $proxy_host; | ||||
|     add_header X-Got-Milk "2%"; | ||||
|     add_header Via "1.1 $proxy_host" always; | ||||
|  | ||||
|     tcp_nodelay on; | ||||
|   } | ||||
| @@ -183,10 +182,14 @@ server { | ||||
|     proxy_cache_valid 410 24h; | ||||
|     proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | ||||
|  | ||||
|     # jake: added (security) | ||||
|     proxy_hide_header Referrer-Policy; | ||||
|     add_header Referrer-Policy "strict-origin" always; | ||||
|  | ||||
|     # jake: added (debugging) | ||||
|     add_header Via $proxy_host; | ||||
|     add_header X-Cache-Status $upstream_cache_status; | ||||
|     add_header X-Got-Milk "2%"; | ||||
|     add_header Via "1.1 $proxy_host" always; | ||||
|     add_header X-Cache-Status $upstream_cache_status always; | ||||
|     add_header X-Got-Milk "2%" always; | ||||
|  | ||||
|     tcp_nodelay on; | ||||
|   } | ||||
|   | ||||
		Reference in New Issue
	
	Block a user