mirror/AdventureLog
1
0
Fork 0
mirror of https://github.com/seanmorley15/AdventureLog.git synced 2026-02-07 05:10:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add X-Accel-Redirect for serving protected media files with security headers

Browse Source
This commit is contained in:
Sean Morley
2026-01-13 22:43:02 -05:00
parent b650a3d646
commit 6dfcd87c09
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
aio/nginx.conf
View File

@@ -129,6 +129,20 @@ http {
proxy_redirect http://127.0.0.1/ $scheme://$http_host/;
}
# Serve protected media files with X-Accel-Redirect
location /protectedMedia/ {
internal; # Only internal requests are allowed
alias /code/backend/server/media/; # This should match Django MEDIA_ROOT
try_files $uri =404; # Return a 404 if the file doesn't exist
# Security headers for all protected files
add_header Content-Security-Policy "default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'" always;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
}
# Everything else to frontend (SvelteKit)
location / {
proxy_pass http://frontend_upstream;