tildefy and add CSP

1 files changed, 12 insertions, 18 deletions

diff --git a/server.conf b/server.conf
index de6ab08..aa75869 100644
--- a/server.conf
+++ b/server.conf
@@ -5,39 +5,33 @@ location /.well-known/ {
 	root /var/www/localhost/htdocs;
 }
 
-location ~ "^/([^/]+)/(.+/objects/[0-9a-f]{2}/[0-9a-f]{38})$" {
-	alias /home/$1/$2;
+location ~ "^/(~[^/]+)/(.+/objects/[0-9a-f]{2}/[0-9a-f]{38})$" {
+	root /opt/cgit-space/users;
 	add_header Handler "git object" always;
 }
-location ~ "^/[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack)$" {
+location ~ "^/~[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack)$" {
 	fastcgi_pass 127.0.0.1:1733;
 	include fastcgi-git-http-backend.conf;
 	add_header Handler "git-http-backend" always;
 }
-location ~ /.+/ {
+location ~ ^/~.+/ {
+	add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' 'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='; style-src $http_host/extra-cgit.css $http_host/cgit/ 'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='";
+
 	fastcgi_pass 127.0.0.1:1733;
 	include fastcgi-cgit.conf;
 	add_header Handler "cgit" always;
 }
-location = / {
-	try_files /dev/null @index;
-}
-location = /index.html {
-	try_files /dev/null @index;
-}
-location @index {
+
+location / {
 	root /home/cgitspace/www/public;
-	fastcgi_index index.html;
 	try_files $uri $uri/ =404;
-	fastcgi_pass unix:/run/php-fpm/cgit.sock;
-	include fastcgi_params;
 }
-location / {
-	if (-d /home/$uri) {
-		return 301 $uri/;
-	}
+location ~ ^/[^/]+\.html($|/) {
 	root /home/cgitspace/www/public;
 	try_files $uri $uri/ =404;
+	fastcgi_index index.html;
+	fastcgi_pass unix:/run/php-fpm/cgit.sock;
+	include fastcgi_params;
 }
 location ^~ /cgit/ {
 	alias /usr/share/webapps/cgit/9999-r9999/htdocs/;