filesafe/docker/nginx/nginxconfig.io/security.conf


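# Security headers added by nginx itself.
#
# Consider configuring the "helmet" option in config.js instead, if applicable.
# helmet only sets headers on pages served by the lolisafe service; it does not
# cover uploaded files, which nginx serves directly. Headers set in this file are
# added by nginx, so they are not limited to lolisafe's own pages.
#
# add_header caveats:
# - Without "always", nginx adds a header only to a fixed set of success and
#   redirect status codes, so error responses would be sent without it.
# - A block inherits these add_header lines only if it defines no add_header of
#   its own; any location that sets a header must repeat the ones it still needs.
#
# The Content-Security-Policy below is disabled. While it stays commented out,
# this file sets no CSP on responses nginx serves directly.
# NOTE(review): confirm a CSP is applied elsewhere (e.g. via helmet) before relying on that.
# NOTE(review): if enabled as written, 'unsafe-inline' in style-src still permits inline styles.
#add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; media-src 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com; worker-src 'self' blob:" always;

# Restrict browser features for documents from this origin: "()" disables a
# feature outright, "(self)" allows it for same-origin documents only.
# NOTE(review): camera, microphone and usb are allowed for (self); confirm the
# frontend needs them, otherwise tighten them to "()".
add_header Permissions-Policy "accelerometer=(), autoplay=(self), camera=(self), fullscreen=(self), gyroscope=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), sync-xhr=(self), usb=(self)" always;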
# Dotfiles: refuse any request whose path contains a "/." segment (for example
# .git, .env or .htpasswd, should such files end up under the web root), so
# hidden files are never served.
# The negative lookahead exempts names that begin with ".well-known", which keeps
# well-known URIs such as ACME challenges reachable. The exemption is prefix-only:
# a name like ".well-known-old" is not denied by this block either.
location ~ /\.(?!well-known) {
# Matching requests are rejected with 403 Forbidden.
deny all;
}