marcogll/TaxHacker_s23
1
0
Fork 0
mirror of https://github.com/marcogll/TaxHacker_s23.git synced 2026-01-13 13:25:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: activate live pricing

Browse Source
This commit is contained in:
Vasily Zubarev
2025-04-24 20:19:57 +02:00
parent b4045930e2
commit 088d596480
5 changed files with 28 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
etc/nginx/taxhacker.app.conf
View File

@@ -7,27 +7,33 @@ server {
charset utf-8;
client_max_body_size 256M;
set_real_ip_from 172.17.0.0/16;
set_real_ip_from 172.17.0.0/16;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
ssl_certificate /home/vas3k/certs/pubkey.pem;
ssl_certificate /home/vas3k/certs/pubkey.pem;
ssl_certificate_key /home/vas3k/certs/privkey.pem;
location / {
add_header "Access-Control-Allow-Origin" "*";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
add_header "Access-Control-Expose-Headers" "Content-Length,Content-Range";
add_header "Strict-Transport-Security" "max-age=31536000;includeSubDomains";
add_header "X-Content-Type-Options" "nosniff";
add_header "Referrer-Policy" "strict-origin-when-cross-origin";
add_header "Permissions-Policy" "accelerometer=(),camera=(),geolocation=(self 'https://taxhacker.app'),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()";
# Global security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header X-Frame-Options "DENY" always;
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;
add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self';" always;
location / {
# CORS headers (adjust if needed)
add_header Access-Control-Allow-Origin "https://taxhacker.app";
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
add_header Access-Control-Expose-Headers "Content-Length,Content-Range";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header "Host" $http_host;
proxy_set_header "X-Forwarded-Host" $host;
proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
proxy_set_header "X-Forwarded-Proto" $scheme;
proxy_redirect off;
proxy_buffering off;