Remove default CSPs, add proper caching to the homepage and remove grace cache serving

2020-03-23 16:06:36 +01:00 · 2020-03-23 16:06:36 +01:00 · 74cb825acb
parent 91028573d1
commit 74cb825acb
3 changed files with 2 additions and 10 deletions
--- a/build/HAProxy/Dockerfile
+++ b/build/HAProxy/Dockerfile
@ -1,3 +1,2 @@
 FROM haproxy:alpine
-
 COPY haproxy.conf /usr/local/etc/haproxy/haproxy.cfg
--- a/build/HAProxy/haproxy.conf
+++ b/build/HAProxy/haproxy.conf
@ -53,8 +53,6 @@ frontend https
  http-response replace-header Set-Cookie (.*) \1;\ Secure
  http-response add-header X-Forwarded-Proto https

-  http-response set-header Cache-Control public\ max-age=31536000 if homepage
-
  http-response set-header X-XSS-Protection 1;\ mode=block
  http-response set-header X-Content-Type-Options nosniff
  http-response set-header Referrer-Policy no-referrer-when-downgrade
@ -69,13 +67,13 @@ frontend https

 backend homepage
  server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80 no-check
+  http-response set-header Cache-Control public\ max-age=31536000 
  http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
  http-request set-header Connection \"\"

 backend grafana
  server-template grafana-docker 5 tasks.tig_grafana:3000
  option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
-  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests

 backend fedi
  server pleroma-docker tasks.pleroma_server:4000
@ -84,11 +82,9 @@ backend fedi
 backend git
  server git-docker tasks.git_gitea:3000
  option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu
-  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests

 backend transmission
  server transmission-docker tasks.seedbox_transmission:9091
-  http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests

 backend seedown
  server httpd-seedown tasks.seedbox_httpd:80
--- a/build/Varnish/varnish.vcl
+++ b/build/Varnish/varnish.vcl
@ -36,10 +36,7 @@ sub vcl_hash {
 	return (lookup);
 }
 sub vcl_hit {
-	if (obj.ttl + obj.grace > 0s) {
-		return (deliver);
-	}
-	return (pass);
+	return (deliver);
 }
 sub vcl_miss {
 	return (fetch);