...
 
Commits (3)
This diff is collapsed.
......@@ -6,6 +6,7 @@
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy no-referrer;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
......@@ -26,7 +27,7 @@ location = /.well-known/caldav {
}
location / {
rewrite ^ /index.php$request_uri;
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
......@@ -37,9 +38,9 @@ location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
include fastcgi.conf;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
......@@ -69,4 +70,3 @@ location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
# Don't log access to these assets.
access_log off;
}
......@@ -52,5 +52,5 @@ location ~* /wp-content/uploads/.*\.php$ {
deny all;
}
# Rewrite robots.txt
rewrite ^/robots.txt$ /index.php last;
# Rewrite robots.txt.
rewrite ^/robots\.txt$ /index.php last;