diff options
author | Patrick Spek <p.spek@tyil.nl> | 2021-05-22 10:06:01 +0200 |
---|---|---|
committer | Patrick Spek <p.spek@tyil.nl> | 2021-05-22 10:06:01 +0200 |
commit | b22190416684e8ed57aa380c89083985eb0d9a4b (patch) | |
tree | 08bc85bb8f40b1aa622c263debc02c13c77f4adc /src/.docker/lighttpd.conf | |
parent | 0e2897631ec1d5b858929f8bdf1300dedefde244 (diff) |
Move some hidden stuff to the src dir
Diffstat (limited to 'src/.docker/lighttpd.conf')
-rw-r--r-- | src/.docker/lighttpd.conf | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/.docker/lighttpd.conf b/src/.docker/lighttpd.conf new file mode 100644 index 0000000..1b480ca --- /dev/null +++ b/src/.docker/lighttpd.conf @@ -0,0 +1,29 @@ +server.modules += ( + "mod_setenv", + "mod_redirect", +) + +setenv.add-response-header = ( + "Content-Security-Policy" => "default-src 'self'; img-src https:; object-src 'self'; script-src 'self'; style-src 'self'", + "Referrer-Policy" => "no-referrer", + "X-Content-Type-Options" => "nosniff", + "X-Frame-Options" => "SAMEORIGIN", + "X-Permitted-Cross-Domain-Policies" => "none", + "X-XSS-Protection" => "1; mode=block", +) + +include_shell "/usr/local/bin/lighttpd-env.sh" + +# Redirect to the "official" domain +$HTTP["host"] != var.intendedHost { + $HTTP["url"] !~ "^/.well-known" { + url.redirect = ( "^/(.*)" => var.intendedHostProto + "://" + var.intendedHost + "/$1" ) + } +} + +# Add CORS header for WKP +$HTTP["url"] =~ "^/.well-known/openpgpkey" { + setenv.add-response-header = ( + "Access-Control-Allow-Origin" => "*", + ) +} |