RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 18:17:44 +00:00
Code Issues Activity

fix: fix some nginx header issues

Browse source
This commit is contained in:
RGBCube 2025-02-23 01:21:45 +03:00
parent 0dd43e11e9
commit dad68acf68
2 changed files with 14 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/nginx.nix
View file

@ -1,4 +1,5 @@
{ config, lib, pkgs, ... }: let
inherit (config.networking) domain;
inherit (lib) enabled mkConst;
in {
options.nginxSslTemplate = mkConst {
@ -8,6 +9,10 @@ in {
};
options.nginxHeaders = mkConst ''
# TODO: Not working for some reason.
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
add_header Strict-Transport-Security $hsts_header;
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@ -48,6 +53,14 @@ in {
https "max-age=31536000; includeSubdomains; preload";
}
map $http_origin $allow_origin {
~^https://.+\.${domain}$ $http_origin;
}
map $http_origin $allow_methods {
~^https://.+\.${domain}$ "GET, HEAD, OPTIONS";
}
${config.nginxHeaders}
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";