Add docs.clan.lol and localhost to CORS whitelist
All checks were successful
buildbot/nix-build .#checks.x86_64-linux.package-clan-merge Build done.
buildbot/nix-build .#checks.x86_64-linux.devShell-clan-merge Build done.
buildbot/nix-build .#checks.x86_64-linux.clan-merge Build done.
buildbot/nix-build .#checks.x86_64-linux.devShell-default Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-flake-update Build done.
buildbot/nix-build .#checks.x86_64-linux.treefmt Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-ensure-tea-login Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-create-pr Build done.
buildbot/nix-build .#checks.x86_64-linux.package-gitea Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-flake-update-pr-clan Build done.
buildbot/nix-build .#checks.x86_64-linux.package-job-flake-update-clan-homepage Build done.
buildbot/nix-build .#checks.x86_64-linux.package-job-flake-update-clan-core Build done.
buildbot/nix-build .#checks.x86_64-linux.package-job-flake-update-clan-infra Build done.
buildbot/nix-build .#checks.x86_64-linux.package-renovate Build done.
buildbot/nix-build .#checks.x86_64-linux.nixos-web01 Build done.
buildbot/nix-eval Build done.

This commit is contained in:
Luis Hebendanz 2024-05-16 14:50:07 +02:00
parent 8c1adb2e11
commit 3fe170102a
2 changed files with 33 additions and 6 deletions

View File

@ -50,10 +50,8 @@ in
services.nginx.virtualHosts."git.clan.lol" = publog {
forceSSL = true;
enableACME = true;
# The add_header directive is used to set the Content-Security-Policy header to allow embedding the Gitea instance in an iframe on the pad.lassul.us instance.
locations."/".extraConfig = ''
proxy_pass http://localhost:3002;
add_header Content-Security-Policy "frame-ancestors 'self' https://pad.lassul.us";
'';
};
}

View File

@ -36,9 +36,38 @@
source_charset utf-8;
'';
# Make sure to expire the cache after 1 hour
locations."/".extraConfig = ''
add_header Cache-Control "public, max-age=3600";
set $cors "false";
# Allow cross-origin requests from docs.clan.lol
if ($http_origin = "https://docs.clan.lol") {
set $cors "true";
}
# Allow cross-origin requests from localhost IPs with port 8000
if ($http_origin = "http://localhost:8000") {
set $cors "true";
}
if ($http_origin = "http://127.0.0.1:8000") {
set $cors "true";
}
if ($http_origin = "http://[::1]:8000") {
set $cors "true";
}
if ($cors = "true") {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
}
if ($cors = "true") {
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always;
}
'';
locations."^~ /docs".extraConfig = ''
rewrite ^/docs(.*)$ https://docs.clan.lol permanent;
@ -56,9 +85,9 @@
source_charset utf-8;
'';
# Make sure to expire the cache after 1 hour
# Make sure to expire the cache after 12 hour
locations."/".extraConfig = ''
add_header Cache-Control "public, max-age=3600";
add_header Cache-Control "public, max-age=43200";
'';
};