Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-DL360/web: add website security headers

Browse source
This commit is contained in:
Infinidoge 2025-05-20 23:15:13 -04:00
parent ea416a76f2
commit 72edab5e19
Signed by: Infinidoge
SSH key fingerprint: SHA256:EMoPe5e2dO0gEvtBb2xkZTz5dkyL0rBmuiGTKG5s96E
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
hosts/Infini-DL360/web.nix
View file

@ -17,6 +17,9 @@ let
location = /template.html { deny all; } location = /template.html { deny all; }
location ~* "\.(nix|lock)" { deny all; } location ~* "\.(nix|lock)" { deny all; }
location ~ "/\..+" { deny all; } location ~ "/\..+" { deny all; }
add_header Content-Security-Policy "default-src 'self' inx.moe files.inx.moe; frame-ancestors 'self' https://inx.moe; script-src 'self' inx.moe files.inx.moe storage.ko-fi.com; frame-src 'self' inx.moe files.inx.moe github.com;";
add_header X-Content-Type-Options "nosniff;";
''; '';
mkRedirect = to: ssl-optional // { globalRedirect = to; }; mkRedirect = to: ssl-optional // { globalRedirect = to; };
@ -36,7 +39,11 @@ in
locations."/" = { locations."/" = {
root = "/srv/web/inx.moe/out"; # TODO: Make this less volatile root = "/srv/web/inx.moe/out"; # TODO: Make this less volatile
inherit tryFiles; inherit tryFiles;
extraConfig = websiteConfig; extraConfig =
websiteConfig
+ ''
add_header Strict-Transport-Security "max-age=2592000;";
'';
}; };
}; };
"nitter.inx.moe" = mkRedirect "twitter.com"; "nitter.inx.moe" = mkRedirect "twitter.com";