Add .wasm file extension for javascript

2024-03-01 07:18:18 +00:00
parent acc4a64622
commit e5da9c9c54
1 changed files with 21 additions and 15 deletions
--- a/roles/webserver/templates/conf.d/cloud.conf.j2
+++ b/roles/webserver/templates/conf.d/cloud.conf.j2
@@ -7,15 +7,18 @@ upstream nextcloud-notify-push {
 # Set the `immutable` cache control options only for assets with a cache busting `v` argument
 map $arg_v $asset_immutable {
    "" "";
-    default "immutable";
+    default ", immutable";
 }

-
 server {
    listen 80;
    listen [::]:80;
    server_name {{ nextcloud_domain_name }} www.{{ nextcloud_domain_name }};
-    # enforce https
+
+    # Prevent nginx HTTP Server Detection
+    server_tokens off;
+
+    # Enforce HTTPS
    return 301 https://$server_name$request_uri;
 }

@@ -32,6 +35,9 @@ server {
    # Path to the root of your installation
    root {{ nextcloud_dir }};

+    # Prevent nginx HTTP Server Detection
+    server_tokens off;
+
    # HSTS settings
    # WARNING: Only add the preload option once you read about
    # the consequences in https://hstspreload.org/. This option
@@ -70,20 +76,17 @@ server {
    add_header X-Robots-Tag                      "noindex, nofollow" always;
    add_header X-XSS-Protection                  "1; mode=block"     always;

-    # Add Alt-Svc header to negotiate HTTP/3.
-    add_header Alt-Svc 'h2=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400' always;
-    add_header x-quic 'h3' always;
-
    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

-    # Add .mjs as a file extension for javascript
+    # Set .mjs and .wasm MIME types
    # Either include it in the default mime.types list
-    # or include you can include that list explicitly and add the file extension
+    # and include that list explicitly or add the file extension
    # only for Nextcloud like below:
    include mime.types;
    types {
        text/javascript js mjs;
+	application/wasm wasm;
    }

    # Specify how to handle directories -- specifying `/index.php$request_uri`
@@ -165,12 +168,15 @@ server {
    # Serve static files
    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
        try_files $uri /index.php$request_uri;
-        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+        # HTTP response headers borrowed from Nextcloud `.htaccess`
+        add_header Cache-Control                     "public, max-age=15778463$asset_immutable";
+        add_header Referrer-Policy                   "no-referrer"       always;
+        add_header X-Content-Type-Options            "nosniff"           always;
+        add_header X-Frame-Options                   "SAMEORIGIN"        always;
+        add_header X-Permitted-Cross-Domain-Policies "none"              always;
+        add_header X-Robots-Tag                      "noindex, nofollow" always;
+        add_header X-XSS-Protection                  "1; mode=block"     always;
        access_log off;     # Optional: Don't log access to assets
-
-        location ~ \.wasm$ {
-            default_type application/wasm;
-        }
    }

    location ~ \.woff2?$ {
@@ -196,4 +202,4 @@ server {
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
-}
+}