diff options
| author |  steering7253 | 2026-04-29 19:18:52 -0600 |
|---|---|---|
| committer | steering7253 | 2026-04-29 19:18:52 -0600 |
| commit | fd475de13541c3727fd6696a9ac0317313472b25 (patch) | |
| tree | 1a3f21c5f3e319b81817e05f1e6466ef5656817c /server.conf | |
| parent | tildefy and add CSP (diff) | |
harden config
Diffstat (limited to 'server.conf')
| -rw-r--r-- | server.conf | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/server.conf b/server.conf index aa75869..28bb8fb 100644 --- a/server.conf +++ b/server.conf @@ -14,7 +14,16 @@ location ~ "^/~[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0- include fastcgi-git-http-backend.conf; add_header Handler "git-http-backend" always; } -location ~ ^/~.+/ { + +location ~ ^/~[^/]+$ { + if (-d /opt/cgit-space/users$uri) { + return 301 $uri/; + } +} +location ~ ^/(~[^/]+)/ { + if (!-d /opt/cgit-space/users/$1) { + return 404; + } add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' 'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='; style-src $http_host/extra-cgit.css $http_host/cgit/ 'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='"; fastcgi_pass 127.0.0.1:1733; |