Matt Hobbs Nooshu
Nooshu
/ nginx.conf
Created
December 27, 2024 00:50
Nginx location block only version of the _headers file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location / { | |
| add_header Access-Control-Allow-Origin "https://nooshu.com" always; | |
| add_header Cache-Control "public, s-maxage=31536000, max-age=31536000" always; | |
| add_header Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" always; | |
| add_header Cross-Origin-Opener-Policy "same-origin" always; | |
| add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=( |
Nooshu
/ nginx.conf
Created
December 27, 2024 00:45
A complete nginx.conf file for use on DigitalOcean.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| # Security headers | |
| map $sent_http_content_type $x_content_type_options { | |
| default "nosniff"; | |
| } | |
| server { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <IfModule mod_headers.c> | |
| Header set Access-Control-Allow-Origin "https://nooshu.com" | |
| Header set Cache-Control "public, s-maxage=31536000, max-age=31536000" | |
| Header set Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" | |
| Header set Cross-Origin-Opener-Policy "same-origin" | |
| Header set Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "hosting": { | |
| "headers": [ | |
| { | |
| "source": "**", | |
| "headers": [ | |
| { | |
| "key": "Access-Control-Allow-Origin", | |
| "value": "https://nooshu.com" | |
| }, |
Nooshu
/ static.json
Created
December 27, 2024 00:36
Heroku static.json version of the _headers file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "headers": { | |
| "/*": { | |
| "Access-Control-Allow-Origin": "https://nooshu.com", | |
| "Cache-Control": "public, s-maxage=31536000, max-age=31536000", | |
| "Content-Security-Policy": "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests", | |
| "Cross-Origin-Opener-Policy": "same-origin", | |
| "Permissions-Policy": "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geoloca |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services: | |
| - type: web | |
| staticHeaders: | |
| - path: /* | |
| name: Access-Control-Allow-Origin | |
| value: https://nooshu.com | |
| - path: /* | |
| name: Cache-Control | |
| value: "public, s-maxage=31536000, max-age=31536000" | |
| - path: /* |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "headers": { | |
| "/*": { | |
| "Access-Control-Allow-Origin": "https://nooshu.com", | |
| "Cache-Control": "public, s-maxage=31536000, max-age=31536000", | |
| "Content-Security-Policy": "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests", | |
| "Cross-Origin-Opener-Policy": "same-origin", | |
| "Permissions-Policy": "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geoloca |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "headers": [ | |
| { | |
| "source": "/(.*)", | |
| "headers": [ | |
| { | |
| "key": "Access-Control-Allow-Origin", | |
| "value": "https://nooshu.com" | |
| }, | |
| { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Access-Control-Allow-Origin: https://nooshu.com | |
| Cache-Control: public, s-maxage=31536000, max-age=31536000 | |
| Content-Security-Policy: base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests | |
| Cross-Origin-Opener-Policy: same-origin | |
| Permissions-Policy: accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),navigation |
Nooshu
/ netlify.toml
Created
December 27, 2024 00:02
A version of my _headers file in Netlify toml format.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [[headers]] | |
| for = "/*" | |
| [headers.values] | |
| Access-Control-Allow-Origin = "https://nooshu.com" | |
| Cache-Control = "public, s-maxage=31536000, max-age=31536000" | |
| Content-Security-Policy = "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" | |
| Cross-Origin-Opener-Policy = "same-origin" | |
| Permissions-Policy = "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geo |