From fd475de13541c3727fd6696a9ac0317313472b25 Mon Sep 17 00:00:00 2001
From: steering7253
Date: Wed, 29 Apr 2026 19:18:52 -0600
Subject: harden config
---
 server.conf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'server.conf')
diff --git a/server.conf b/server.conf
index aa75869..28bb8fb 100644
--- a/server.conf
+++ b/server.conf
@@ -14,7 +14,16 @@ location ~ "^/~[^/]+/.*\.git/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-
 include fastcgi-git-http-backend.conf;
 add_header Handler "git-http-backend" always;
 }
-location ~ ^/~.+/ {
+
+location ~ ^/~[^/]+$ {
+ if (-d /opt/cgit-space/users$uri) {
+ return 301 $uri/;
+ }
+}
+location ~ ^/(~[^/]+)/ {
+ if (!-d /opt/cgit-space/users/$1) {
+ return 404;
+ }
 add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' 'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='; style-src $http_host/extra-cgit.css $http_host/cgit/ 'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='";
 fastcgi_pass 127.0.0.1:1733;
 
-- 
cgit v1.3.1-10-gc9f91
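Review bot: `[^/]+` in both new location patterns accepts any character other than a slash, and because location regexes are matched against the normalized, percent-decoded URI, that includes decoded control characters, which then flow into `-d /opt/cgit-space/users$uri`, `-d /opt/cgit-space/users/$1` and `return 301 $uri/;`. As written, the `-d` test is the only thing keeping a decoded CR/LF in `$uri` out of the `Location` header. Restricting the patterns to the characters an account name can actually contain, for example `location ~ ^/~[A-Za-z0-9._-]+$ {` and `location ~ ^/(~[A-Za-z0-9._-]+)/ {` (adjust the class to the site's naming rule), would make that hold regardless of what exists on disk. Separately, the unchanged `add_header Content-Security-Policy` line builds its source lists from `$http_host`, which is taken from the client's Host header; a fixed hostname would be safer unless the enclosing server block already rejects unknown hosts, which is not visible here. The second location block continues past the end of the hunk.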