Don Marti
aa83cedf5c
Add "browsing-topics" to Permissions-Policy header
...
Google is currently testing "Topics API," a new proposal for transferring user interests among sites, currently up to about 5% of Google Chrome users (https://groups.google.com/a/chromium.org/g/blink-dev/c/Vi-Rj37aZLs/m/wzeBWfxxEgAJ)
This may be appropriate for some ad-supported sites, or sites that run landing pages for ads, but can present risks to users in other contexts. Probably safest to set this header to opt out and then let the site administrator change it if they want to use "Topics API" and understand the compliance and security consequences.
There is an existing opt-out for WordPress that does both this and the earlier FLoC system: https://roytanck.com/2021/04/15/opt-out-of-floc-on-your-wordpress-website/
2023-04-14 22:18:18 +02:00
Léo Colombaro
373d86a396
Document `Cache-Control`
2022-12-05 20:08:47 +01:00
Léo Colombaro
9fa553bbc4
Use proper `Cache-Control` values
2022-12-05 20:08:47 +01:00
Léo Colombaro
015a18f33a
Fix inline alignment
2022-12-05 14:21:28 +01:00
Léo Colombaro
fbdaa3f867
Add custom files include ability
...
Closes #283
2021-09-15 00:00:42 +02:00
Léo Colombaro
4a40f258a2
Use latest server-configs-test and align requirements
2021-06-29 00:54:40 +02:00
Léo Colombaro
25a569d97d
Add Cross Origin Policies headers
...
Ref https://github.com/h5bp/server-configs-apache/issues/250
2021-06-28 14:46:32 +02:00
Léo Colombaro
36310b927b
Add `Permissions-Policy` header
...
Ref https://github.com/h5bp/server-configs-apache/issues/179
2021-06-28 14:43:00 +02:00
Léo Colombaro
8600df1018
Make `Content-Security-Policy` disallow 'object-src' by default
...
Ref https://github.com/h5bp/server-configs-apache/issues/190
2021-06-28 14:28:44 +02:00
Léo Colombaro
836467c8b5
Drop `X-XSS-Protection` header usage as per its deprecation
...
Ref https://github.com/h5bp/server-configs-apache/pull/253
Ref https://github.com/h5bp/server-configs-apache/issues/198
Closes https://github.com/h5bp/server-configs-nginx/pull/260
2021-06-14 01:14:22 +02:00
Léo Colombaro
4556277ced
Drop `X-UA-Compatible` header usage as per IE deprecation
...
Ref https://github.com/h5bp/server-configs-apache/issues/210
Ref https://github.com/h5bp/server-configs-apache/issues/182
2021-06-14 01:14:22 +02:00
Léo Colombaro
3615dfa351
Expand responses to include Referrer Policy
2020-04-13 14:44:29 +02:00
Léo Colombaro
41689406c8
Expand responses to include CSP
...
Ref: https://github.com/h5bp/server-configs-apache/issues/187
2020-04-13 14:44:29 +02:00
Léo Colombaro
e0724b8149
Stricter default for Referrer Policy
...
Ref: https://github.com/h5bp/server-configs-apache/pull/204
2020-01-03 19:36:51 +01:00
Pete Cooper
67c54c53f1
Documentation formatting and reviewing (#232)
...
No code changes, some config reordering
2019-05-15 23:20:10 +02:00
Léo Colombaro
276af8da7b
Improve default Content-Security-Policy value (#224)
...
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro
db1601f606
Use regexp in MIME-types based maps
2019-03-09 02:44:10 +01:00
Léo Colombaro
f600128203
Add Referrer-Policy for html document by default
2019-02-13 14:31:53 +01:00
Léo Colombaro
6dd4cc27ed
Switch from location directives to maps based on MIME-types
...
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro
2d135053cb
Move MIME-type and charset declaration into their own conf files
2019-02-10 20:40:50 +01:00
Léo Colombaro
8919496406
Remove outdated docs and fix repo structure
...
Trying to make maintenance as easy as we can
2019-02-04 14:09:06 +01:00
Léo Colombaro
306af367e9
Move server config to conf.d folder
...
Aligning with nginx docker image
Fix #95
2019-02-01 21:57:51 +01:00
Léo Colombaro
3071e67d04
Tweaks and lint
2018-11-25 22:07:01 +01:00
Léo Colombaro
496af1cfd5
Split directives to enforce atomic structure
...
* Enforce H5BP style
* Improve inline documentation to simplify maintenance
* Prepare v3
2018-11-23 17:19:51 +01:00
Léo Colombaro
e38617e7fb
Switch to `https` when possible
2018-11-23 13:15:44 +01:00
Andrea Falco
94262e7610
Changed GeoJSON and RDF media type (#186)
...
* Updated GeoJSON media type
Following https://tools.ietf.org/html/rfc7946#section-12
* Updated RDF media type
Following https://tools.ietf.org/html/rfc3870#section-2
2018-11-23 12:56:17 +01:00
Léo Colombaro
70ae5ded27
reflect mime changes in nginx.conf
2018-11-23 11:46:32 +01:00
Andy Dawson
3bda5b93ed
Add defaults to all directives in nginx.conf
...
The reason most of these are changed is already covered by the existing
doc block
closes #127
2017-05-06 18:30:09 +02:00
Tobias Reich
294e08557c
Updated gzip_types and charset_types
...
… both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed).
2016-08-20 17:17:01 +02:00
Craig Davison
73db8ccfd2
Fix typo
2016-03-22 15:27:19 +00:00
Craig Davison
605ec6f8c3
Improve comments in nginx.conf
2016-03-22 15:27:18 +00:00
Andy Dawson
029821b1a8
Merge pull request #130 from davisonio/specify-keepalive_timeout
...
Specify that keepalive_timeout is in seconds
2016-01-29 21:11:41 +01:00
Andy Dawson
740ba774f5
Merge pull request #124 from appleboy/patch-3
...
fix format.
2016-01-29 21:10:25 +01:00
Craig Davison
7c3a67131c
Change default value in comment
2016-01-23 14:05:55 +00:00
Craig Davison
35434b3361
Specify that keepalive_timeout is in seconds
2016-01-23 13:59:22 +00:00
Bo-Yi Wu
3270937c3a
fix format.
...
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2015-12-04 22:25:31 +08:00
beilharz
5934741e15
Update nginx.conf
...
Typo: sites-available should be sites-enabled
2015-11-25 09:49:15 +01:00
Andy Dawson
e2ab3b5800
Merge pull request #112 from philippbecker/mime-types
...
Update media types
2015-09-11 10:49:24 +02:00
Andy Dawson
0932b4d10c
Merge pull request #111 from pentago/master
...
Added FreeBSD w/ ZFS performance instructions
2015-09-11 10:46:34 +02:00
St. Isidore de Seville
19d0f8ffbf
fix #113
2015-08-29 21:05:56 -04:00
Philipp Becker
f719f3e8e4
Update media types in `nginx.conf`
2015-07-21 11:34:05 +02:00
Goran
dc3bae07ad
Added FreeBSD w/ ZFS performance instructions
...
On FreeBSD systems with ZFS, sendfile() is useless as ZFS's caching subsystem (adaptive replacement cache a.k.a ARC) already caches most frequently used files in RAM. Disabling sendfile() avoids redundant data caching.
References:
https://calomel.org/nginx.html
http://blog.vx.sk/uploads/conferences/EuroBSDcon2012/zfs-tuning-handout.pdf
2015-07-06 19:10:45 +02:00
Eric Andrew Lewis
01af1c1e43
Add an inline documentation link to the sites-enabled documentation page.
2015-06-12 09:52:16 -04:00
Eric Lewis
01cefcda17
Explain why everything in the sites-enabled folder is included
2015-06-11 10:27:20 -04:00
Cătălin Mariș
6c1793bb68
Update the list of resources to be compressed
...
Ref: a0c4e17190/src/web_performance/compression.conf
2015-03-25 11:10:39 +02:00
Andy Dawson
3db5d61f81
Merge pull request #55 from cannie/patch-1
...
Use relative path for mime.types
2014-08-13 16:23:27 +02:00
Vladimir Sazhin
a83dd2d119
Use relative path for mime.types
2014-08-13 15:00:14 +04:00
Drew Hammond
d8891a1b4c
Remove gzip_http_version parameter
...
The gzip_http_version override is no longer needed because CloudFront
now forwards requests using HTTP/1.1. We can remove this line entirely
and let nginx use its default value of 1.1.
2014-07-31 22:48:09 -04:00
AD7six
b5004a9b46
don't include ssl config by default
...
If the server has no ssl config - there's no need to load a config file
full of ssl config
2014-07-28 14:44:28 +00:00
AD7six
029ff47286
move ssl config to a separate file
2014-07-28 14:08:19 +00:00