Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: modules/web/templates/adblockplus.org.conf.erb

Issue 29352911: Issue 4420 - Allow embedding YouTube videos on the blog (Closed) Base URL: https://hg.adblockplus.org/infrastructure
Patch Set: Created Sept. 13, 2016, 12:20 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | modules/web/templates/global.conf.erb » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 # XSS and clickjacking prevention headers 1 # XSS and clickjacking prevention headers
2 2
3 set $csp_frame ""; 3 set $csp_frame "";
4 if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index|firefox|chrome|opera|android|internet-ex plorer|safari|yandex-browser|maxthon)?$) 4 if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index|firefox|chrome|opera|android|internet-ex plorer|safari|yandex-browser|maxthon)?$|^/blog/)
5 { 5 {
6 set $csp_frame "; frame-src www.youtube-nocookie.com;"; 6 set $csp_frame "; frame-src www.youtube-nocookie.com;";
7 } 7 }
8 add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-s rc 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_ frame"; 8 add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-s rc 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_ frame";
9 add_header X-Frame-Options "sameorigin"; 9 add_header X-Frame-Options "sameorigin";
10 10
11 # User agent sniffing 11 # User agent sniffing
12 12
13 set $user_agent ""; 13 set $user_agent "";
14 set $index_page ""; 14 set $index_page "";
(...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after
311 location /403.html 311 location /403.html
312 { 312 {
313 try_files $uri @proxied; 313 try_files $uri @proxied;
314 } 314 }
315 location @proxied 315 location @proxied
316 { 316 {
317 proxy_pass https://server16.adblockplus.org; 317 proxy_pass https://server16.adblockplus.org;
318 proxy_set_header Host adblockplus.org; 318 proxy_set_header Host adblockplus.org;
319 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 319 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
320 } 320 }
OLDNEW
« no previous file with comments | « no previous file | modules/web/templates/global.conf.erb » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld