From 11705f24ca3d53f3055ec39a6e8f65c76e20652e Mon Sep 17 00:00:00 2001
From: frju365 <win10@tutanota.com>
Date: Tue, 4 Jul 2017 01:19:07 +0200
Subject: [PATCH] [NoFix] Conf Nginx

---
 conf/nginx.conf | 77 ++++++++++++++++++++++---------------------------
 1 file changed, 34 insertions(+), 43 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index b81156c..d7f0641 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,54 +1,45 @@
 root ROOT_PATH;
 index index.html;
 
-if ($args ~ ver=) {
-    set $cacheControl max-age=31536000;
-}
-# Will not set any header if it is emptystring
-add_header Cache-Control $cacheControl;
-
-set $styleSrc   "'unsafe-inline' 'self'";
-    set $scriptSrc  "'self'";
-    set $connectSrc "'self' wss://cryptpad.fr wss://api.cryptpad.fr";
-    set $fontSrc    "'self'";
-    set $imgSrc     "data: *";
-    set $frameSrc   "'self' beta.cryptpad.fr";
-
-    if ($uri = /pad/inner.html) {
-        set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline'";
-    }
-    add_header Content-Security-Policy "default-src 'none'; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc;";
-
-    location = /cryptpad_websocket {
-        proxy_pass http://localhost:3000;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-#       add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-        # WebSocket support (nginx 1.4)
+location / {
+        proxy_pass http://localhost:3000/;
+        add_header X-Frame-Options SAMEORIGIN;
+        proxy_set_header    Host $host;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection upgrade;
-    }
 
-    location ^~ /customize.dist/ {
-        # This is needed in order to prevent infinite recursion between /customize/ and the root
-    }
-    location ^~ /customize/ {
-        rewrite ^/customize/(.*)$ $1 break;
-        try_files /customize/$uri /customize.dist/$uri;
-    }
-    location = /api/config {
+}
+
+location = /api/config {
         default_type text/javascript;
         rewrite ^.*$ /customize/api/config break;
-    }
+}
 
-    ## TODO fix in the code so that we don't need this
-    location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ {
-        rewrite ^(.*)$ $1/ redirect;
-    }
+if ($uri = /pad/inner.html) {
+    set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline'";
+}
 
-    try_files /www/$uri /www/$uri/index.html /customize/$uri;
-	# Include SSOWAT user panel.
-     include conf.d/yunohost_panel.conf.inc;
+
+location = /cryptpad_websocket {
+    proxy_pass http://localhost:3000;
+}
+
+location ^~ /customize.dist/ {
+    # This is needed in order to prevent infinite recursion between /customize/ and the root
+}
+
+location ^~ /customize/ {
+   rewrite ^/customize/(.*)$ $1 break;
+   try_files /customize/$uri /customize.dist/$uri;
+}
+
+
+## TODO fix in the code so that we don't need this
+location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ {
+    rewrite ^(.*)$ $1/ redirect;
+}
+
+try_files /www/$uri /www/$uri/index.html /customize/$uri;
+# Include SSOWAT user panel.
+include conf.d/yunohost_panel.conf.inc;