Security bug fix that allowed all static files being served including .git
Browse files- nginx.conf +12 -0
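--- a/nginx.conf
+++ b/nginx.conf
@@ -8,6 +8,18 @@ server {
 try_files $uri $uri/ /index.html;
 }
 
+# Explicitly deny access to the .git directory
+location /.git {
+deny all;
+return 404;
+}
+
+# Allow only .html, .js, and .json files; deny everything else with extensions
+location ~* \.(?!html$|js$|json$)[^./]+$ {
+deny all;
+return 403;
+}
+
 # Disable caching for all files
 add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0";
 add_header Pragma "no-cache";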
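Review bot: The extension rule in `location ~* \.(?!html$|js$|json$)[^./]+$` still lets through extensionless files and any `.js`/`.json`/`.html` file outside `/.git`, so if the document root is the repository checkout (as the commit title suggests), files such as a `package.json` or the contents of other dot-directories remain readable. A catch-all for hidden paths, `location ~ /\.(?!well-known/) { return 404; }`, would cover those dot-directories, and serving from a dedicated build directory would remove the need for an extension filter altogether. In both new blocks `return` runs in the rewrite phase before `deny all;` is evaluated, so the `deny` lines never take effect and can be dropped; writing the first block as `location ^~ /.git` would also keep any later regex location from taking precedence over this prefix match. The enclosing `server` block starts and ends outside the hunk.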