diff --git a/h5bp/directive-only/extra-security.conf b/h5bp/directive-only/extra-security.conf
index dcc5fba..cf3e84b 100644
--- a/h5bp/directive-only/extra-security.conf
+++ b/h5bp/directive-only/extra-security.conf
@@ -1,15 +1,15 @@
 # The X-Frame-Options header indicates whether a browser should be allowed
 # to render a page within a frame or iframe.
 add_header X-Frame-Options SAMEORIGIN;
-
+
 # MIME type sniffing security protection
 # There are very few edge cases where you wouldn't want this enabled.
 add_header X-Content-Type-Options nosniff;
-
+
 # The X-XSS-Protection header is used by Internet Explorer version 8+
 # The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
 add_header X-XSS-Protection "1; mode=block";
-
+
 # with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
 # you can tell the browser that it can only download content from the domains you explicitly allow
 # CSP can be quite difficult to configure, and cause real issues if you get it wrong
diff --git a/h5bp/directive-only/spdy.conf b/h5bp/directive-only/spdy.conf
index f65912b..71c9a06 100644
--- a/h5bp/directive-only/spdy.conf
+++ b/h5bp/directive-only/spdy.conf
@@ -1,7 +1,7 @@
 # Nginx's spdy module is compiled by default from 1.6
 # SPDY only works on HTTPS connections
-# Inform browser of SPDY availability
+# Inform browser of SPDY availability
 add_header Alternate-Protocol 443:npn-spdy/3;
 # Adjust connection keepalive for SPDY clients:
diff --git a/h5bp/directive-only/ssl-stapling.conf b/h5bp/directive-only/ssl-stapling.conf
index 0c65fc9..d15bf97 100644
--- a/h5bp/directive-only/ssl-stapling.conf
+++ b/h5bp/directive-only/ssl-stapling.conf
@@ -3,7 +3,7 @@ ssl_stapling on;
 ssl_stapling_verify on;
 #trusted cert must be made up of your intermediate certificate followed by root certificate
-#ssl_trusted_certificate /path/to/ca.crt;
+#ssl_trusted_certificate /path/to/ca.crt;
 resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
 resolver_timeout 2s;
diff --git a/h5bp/location/cache-busting.conf b/h5bp/location/cache-busting.conf
index 72e7bc1..6afe34a 100644
--- a/h5bp/location/cache-busting.conf
+++ b/h5bp/location/cache-busting.conf
@@ -6,5 +6,5 @@
 # This is not included by default, because it'd be better if you use the build
 # script to manage the file names.
 location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
- try_files $uri $1.$2;
+ try_files $uri $1.$2;
 }
diff --git a/h5bp/location/cross-domain-fonts.conf b/h5bp/location/cross-domain-fonts.conf
index 9e6df0c..b55ee6b 100644
--- a/h5bp/location/cross-domain-fonts.conf
+++ b/h5bp/location/cross-domain-fonts.conf
@@ -1,13 +1,13 @@
 # Cross domain webfont access
 location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
- include h5bp/directive-only/cross-domain-insecure.conf;
+ include h5bp/directive-only/cross-domain-insecure.conf;
- # Also, set cache rules for webfonts.
- #
- # See http://wiki.nginx.org/HttpCoreModule#location
- # And https://github.com/h5bp/server-configs/issues/85
- # And https://github.com/h5bp/server-configs/issues/86
- expires 1M;
- access_log off;
- add_header Cache-Control "public";
+ # Also, set cache rules for webfonts.
+ #
+ # See http://wiki.nginx.org/HttpCoreModule#location
+ # And https://github.com/h5bp/server-configs/issues/85
+ # And https://github.com/h5bp/server-configs/issues/86
+ expires 1M;
+ access_log off;
+ add_header Cache-Control "public";
 }
diff --git a/h5bp/location/protect-system-files.conf b/h5bp/location/protect-system-files.conf
index 81aa96c..128c49a 100644
--- a/h5bp/location/protect-system-files.conf
+++ b/h5bp/location/protect-system-files.conf
@@ -4,10 +4,10 @@
 # https://www.mnot.net/blog/2010/04/07/well-known
 # https://tools.ietf.org/html/rfc5785
 location ~* /\.(?!well-known\/) {
- deny all;
+ deny all;
 }
 # Prevent clients from accessing to backup/config/source files
 location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
- deny all;
+ deny all;
 }
diff --git a/nginx.conf b/nginx.conf
index 8477df2..8fbfbcd 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -57,7 +57,7 @@ http {
 # Speed up file transfers by using sendfile() to copy directly
 # between descriptors rather than using read()/write().
- # For performance reasons, on FreeBSD systems w/ ZFS
+ # For performance reasons, on FreeBSD systems w/ ZFS
 # this option should be disabled as ZFS's ARC caches
 # frequently used files in RAM by default.
 sendfile on;