commit 745cedfedd806f64ca26a7bb37068d932a4eb729
parent e87eaf6656b98f89c8b8c84ddaaffb861b3846dd
Author: Florian Dold <florian.dold@gmail.com>
Date: Tue, 6 Feb 2018 12:06:42 +0100
serve images for staging correctly, allow data URLs as img-src
Diffstat:
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl
@@ -10,5 +10,5 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
-add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://buildbot.taler.net";
+add_header Content-Security-Policy "default-src 'self'; img-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://buildbot.taler.net";
add_header Referrer-Policy "same-origin";
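Review bot: The new `img-src data:` directive replaces the `default-src 'self'` fallback for images instead of extending it, so under this header only data: URLs are valid image sources. Browsers enforcing the policy would block same-origin images. If both are meant to be allowed, the directive should read `img-src 'self' data:;`. A short comment above the header naming the page that needs data: images would help later reviewers decide whether the relaxation can be removed.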
diff --git a/etc/nginx/sites-enabled/www-stage.site b/etc/nginx/sites-enabled/www-stage.site
@@ -48,17 +48,17 @@ server {
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
- location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ {
- root /home/docbuilder/stage.taler.net;
- expires 1y;
- }
-
# Note: this will go to /var/www/(videos|releases), which we took out of Git
location /videos {
root /var/www;
expires max;
}
+ location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$ {
+ root /var/www;
+ expires max;
+ }
+
# FIXME: this location newest files are from Oct'16
location /releases {
root /var/www;
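Review bot: The added `location ~* /videos/.*\.(png|jpg|ogv|webm|gif|svg)$` is not anchored at the start of the URI, so it matches any path that contains `/videos/` anywhere and serves it from `/var/www`. That is wider than the `/videos` tree the comment above it describes. Its extension list also omits jpeg, ico, js and css, so such files under /videos would still be taken by the generic static-file regex and looked up under the docbuilder root. Declaring the prefix block as `location ^~ /videos {` makes nginx skip regex matching for that prefix, which would make the extra regex block unnecessary. Otherwise anchor the pattern as `~* ^/videos/.*\.(png|jpg|ogv|webm|gif|svg)$`.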
@@ -68,4 +68,11 @@ server {
location /files {
root /var/www;
}
+
+ location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ {
+ root /home/docbuilder/stage.taler.net;
+ expires 1y;
+ }
+
+
}
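Review bot: Moving the generic `\.(png|jpg|jpeg|gif|ico|svg|js|css)$` block to the end of the server does not lower its priority against `location /files` or `location /releases`. nginx picks the longest plain prefix first, then checks regex locations, and a matching regex wins wherever it appears in the file. A .png or .css requested under /files would therefore still be resolved under `/home/docbuilder/stage.taler.net`, assuming no location outside this hunk intercepts it. If those trees should always be served from /var/www, mark them `location ^~ /files {` and `location ^~ /releases {`. The server block begins outside the hunk, so other locations may exist.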