RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 18:17:44 +00:00
Code Issues Activity

fix: fix some nginx header issues

Browse source
This commit is contained in:
RGBCube 2025-02-23 01:21:45 +03:00
parent 0dd43e11e9
commit dad68acf68
2 changed files with 14 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/nginx.nix
View file

@ -1,4 +1,5 @@
{ config, lib, pkgs, ... }: let { config, lib, pkgs, ... }: let
inherit (config.networking) domain;
inherit (lib) enabled mkConst; inherit (lib) enabled mkConst;
in { in {
options.nginxSslTemplate = mkConst { options.nginxSslTemplate = mkConst {
@ -8,6 +9,10 @@ in {
}; };
options.nginxHeaders = mkConst '' options.nginxHeaders = mkConst ''
# TODO: Not working for some reason.
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
@ -48,6 +53,14 @@ in {
https "max-age=31536000; includeSubdomains; preload"; https "max-age=31536000; includeSubdomains; preload";
} }
map $http_origin $allow_origin {
~^https://.+\.${domain}$ $http_origin;
}
map $http_origin $allow_methods {
~^https://.+\.${domain}$ "GET, HEAD, OPTIONS";
}
${config.nginxHeaders} ${config.nginxHeaders}
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";

21
modules/site.nix
View file

@ -10,33 +10,14 @@
}; };
in { in {
services.nginx = enabled { services.nginx = enabled {
appendHttpConfig = ''
map $http_origin $allow_origin {
~^https://.+\.${domain}$ $http_origin;
}
map $http_origin $allow_methods {
~^https://.+\.${domain}$ "GET, HEAD, OPTIONS";
}
'';
virtualHosts.${domain} = merge config.nginxSslTemplate notFoundLocationConfig { virtualHosts.${domain} = merge config.nginxSslTemplate notFoundLocationConfig {
root = sitePath; root = sitePath;
locations."/".tryFiles = "$uri $uri.html $uri/index.html =404"; locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
locations."/assets/".extraConfig = let locations."/assets/".extraConfig = ''
nginxHeaders' = ''
add_header Access-Control-Allow-Origin $allow_origin;
add_header Access-Control-Allow-Methods $allow_methods;
'';
in ''
${config.nginxHeaders}
${nginxHeaders'}
if ($request_method = OPTIONS) { if ($request_method = OPTIONS) {
${config.nginxHeaders} ${config.nginxHeaders}
${nginxHeaders'}
add_header Content-Type text/plain; add_header Content-Type text/plain;
add_header Content-Length 0; add_header Content-Length 0;
return 204; return 204;