diff options
| author | Miquel Lionel <lionel@les-miquelots.net> | 2021-07-02 12:09:24 +0100 |
|---|---|---|
| committer | Miquel Lionel <lionelmiquel@sfr.fr> | 2021-07-04 00:28:00 +0100 |
| commit | 2137a587bb3a314ac13327d4cdb53f0ee8b9d970 (patch) | |
| tree | cea28ad0f1b4782a5eea556f5346f712108d1c6e /nginx-example.conf | |
| parent | 23c6d4753895870224209a44624c1350e934f762 (diff) | |
| download | gpigeon-2137a587bb3a314ac13327d4cdb53f0ee8b9d970.tar.gz gpigeon-2137a587bb3a314ac13327d4cdb53f0ee8b9d970.zip | |
Better way to validate cookies and others improvs
- Added GPLv3+ short header in source files (genpass.pl, gpigeon-template.cgi and link-template-tmpl.cgi).
- Added some security headers in the example nginx configuration
file, and renamed the NGINXCONFDIR variable in the Makefile to SITESENABLED, it makes a bit more sense.
- Hastily drawed a more fitting .ico/mascot for the project
- Tweaked the styles.css to be somewhat more
responsive. Some tags in index.html and
gpigeon-template.cgi and link-template-tmpl.cgi
have now an id for styling.
- Fixed and improved cookie validation.
While working on the multi-user alternative, I
noticed that the ValidCookies() function was flimsy, I
was used eq... I learned about 'cmp' and throwed some UA
and IP address match to make it a bit more robust.
- Improved the genpass.pl script, if you want a
argon2id of your password, you can now launch it in interactive mode with the '-i' arg. It'll fill the ARGON2ID_HASH variable in the existing config.mk with the hash of the provided password
- Fixed inconsistencies in the Makefile. I was overwriting changes
with sed for no good reason instead of using the -i switch ! I also moved
the mail address, mail sender, and gpg id checks to the top of the file
since they are the most important. Also, the 0xlong is not needed in
config.def.mk anymore, we extract via the mail address.
Diffstat (limited to 'nginx-example.conf')
| -rw-r--r-- | nginx-example.conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nginx-example.conf b/nginx-example.conf index 97e5027..f3d9252 100644 --- a/nginx-example.conf +++ b/nginx-example.conf @@ -30,5 +30,11 @@ server { fastcgi_pass unix:/run/fcgiwrap.sock; include /etc/nginx/fastcgi_params; } + + add_header Strict-Transport-Security "max-age=63072000; preload"; + add_header Content-Security-Policy "default-src 'self'"; + add_header X-Frame-Options DENY; + add_header Access-Control-Allow-Origin https://$server_name; + add_header Vary Origin; # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#cors_and_caching } |