blob: 1b480ca856284abb28cb309a9590ca1a07b7be47 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
server.modules += (
"mod_setenv",
"mod_redirect",
)
setenv.add-response-header = (
"Content-Security-Policy" => "default-src 'self'; img-src https:; object-src 'self'; script-src 'self'; style-src 'self'",
"Referrer-Policy" => "no-referrer",
"X-Content-Type-Options" => "nosniff",
"X-Frame-Options" => "SAMEORIGIN",
"X-Permitted-Cross-Domain-Policies" => "none",
"X-XSS-Protection" => "1; mode=block",
)
include_shell "/usr/local/bin/lighttpd-env.sh"
# Redirect to the "official" domain
$HTTP["host"] != var.intendedHost {
$HTTP["url"] !~ "^/.well-known" {
url.redirect = ( "^/(.*)" => var.intendedHostProto + "://" + var.intendedHost + "/$1" )
}
}
# Add CORS header for WKP
$HTTP["url"] =~ "^/.well-known/openpgpkey" {
setenv.add-response-header = (
"Access-Control-Allow-Origin" => "*",
)
}
|