mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
30 lines
1 KiB
PHP
30 lines
1 KiB
PHP
# Avoid the nginx path/alias traversal weakness ( #1037 )
|
|
rewrite ^/yunohost/admin$ /yunohost/admin/ permanent;
|
|
|
|
location /yunohost/admin/ {
|
|
alias /usr/share/yunohost/admin/;
|
|
default_type text/html;
|
|
index index.html;
|
|
|
|
{% if webadmin_allowlist_enabled == "True" %}
|
|
{% if webadmin_allowlist.strip() -%}
|
|
{% for ip in webadmin_allowlist.strip().split(',') -%}
|
|
allow {{ ip.strip() }};
|
|
{% endfor -%}
|
|
{% endif -%}
|
|
deny all;
|
|
{% endif %}
|
|
|
|
location = /yunohost/admin/index.html {
|
|
etag off;
|
|
expires off;
|
|
more_set_headers "Cache-Control: no-store, no-cache, must-revalidate";
|
|
}
|
|
|
|
location /yunohost/admin/applogos/ {
|
|
alias /usr/share/yunohost/applogos/;
|
|
}
|
|
|
|
more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:;";
|
|
more_set_headers "Content-Security-Policy-Report-Only:";
|
|
}
|