Use regexp in MIME-types based maps

2019-03-09 02:44:10 +01:00 · 2019-03-09 02:44:10 +01:00 · db1601f606
parent 06e5fc8445
commit db1601f606
1 changed files with 13 additions and 25 deletions
--- a/nginx.conf
+++ b/nginx.conf
@ -99,59 +99,47 @@ http {
  # Add X-XSS-Protection for HTML documents.
  # h5bp/security/x-xss-protection.conf
  map $sent_http_content_type $x_xss_protection {
-    #         (1)    (2)
-    text/html "1; mode=block";
+    #           (1)    (2)
+    ~*text/html "1; mode=block";
  }

  # Add X-Frame-Options for HTML documents.
  # h5bp/security/x-frame-options.conf
  map $sent_http_content_type $x_frame_options {
-    text/html DENY;
+    ~*text/html DENY;
  }

  # Add Content-Security-Policy for HTML documents.
  # h5bp/security/content-security-policy.conf
  map $sent_http_content_type $content_security_policy {
-    text/html "script-src 'self'; object-src 'self'";
+    ~*text/html "script-src 'self'; object-src 'self'";
  }

  # Add Referrer-Policy for HTML documents.
  # h5bp/security/referrer-policy.conf.conf
  map $sent_http_content_type $referrer_policy {
-    text/html "no-referrer-when-downgrade";
+    ~*text/html "no-referrer-when-downgrade";
  }

  # Add X-UA-Compatible for HTML documents.
  # h5bp/internet_explorer/x-ua-compatible.conf
  map $sent_http_content_type $x_ua_compatible {
-    text/html "IE=edge";
+    ~*text/html "IE=edge";
  }

  # Add Access-Control-Allow-Origin.
  # h5bp/cross-origin/requests.conf
  map $sent_http_content_type $cors {
    # Images
-    image/bmp     "*";
-    image/gif     "*";
-    image/jpeg    "*";
-    image/png     "*";
-    image/svg+xml "*";
-    image/webp    "*";
-    image/x-icon  "*";
+    ~*image/ "*";

    # Web fonts
-    font/collection               "*";
-    application/vnd.ms-fontobject "*";
-    font/eot                      "*";
-    font/opentype                 "*";
-    font/otf                      "*";
-    application/x-font-ttf        "*";
-    font/ttf                      "*";
-    application/font-woff         "*";
-    application/x-font-woff       "*";
-    font/woff                     "*";
-    application/font-woff2        "*";
-    font/woff2                    "*";
+    ~*font/                         "*";
+    ~*application/vnd.ms-fontobject "*";
+    ~*application/x-font-ttf        "*";
+    ~*application/font-woff         "*";
+    ~*application/x-font-woff       "*";
+    ~*application/font-woff2        "*";
  }

  # Include files in the conf.d folder.