Add opt-out-of-FLoC headers by default
This commit is contained in:
parent
7fa7e3e5a6
commit
e00ef04b57
@ -239,6 +239,16 @@ matrix_nginx_proxy_proxy_event_additional_configuration_blocks: []
|
|||||||
# A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf).
|
# A list of strings containing additional configuration blocks to add to the nginx http's server configuration (nginx-http.conf).
|
||||||
matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_http_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
# Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses for all vhosts meant to be accessed by users.
|
||||||
|
#
|
||||||
|
# Learn more about what it is here:
|
||||||
|
# - https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
|
||||||
|
# - https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
|
||||||
|
# - https://amifloced.org/
|
||||||
|
#
|
||||||
|
# Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
|
||||||
|
matrix_nginx_proxy_floc_optout_enabled: true
|
||||||
|
|
||||||
# A list of strings containing additional configuration blocks to add to the base matrix server configuration (matrix-domain.conf).
|
# A list of strings containing additional configuration blocks to add to the base matrix server configuration (matrix-domain.conf).
|
||||||
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
matrix_nginx_proxy_proxy_matrix_additional_server_configuration_blocks: []
|
||||||
|
|
||||||
|
@ -5,6 +5,11 @@
|
|||||||
|
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json;
|
gzip_types text/plain application/json;
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_domain_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -3,8 +3,10 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_bot_go_neb_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -3,9 +3,14 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_element_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -3,8 +3,13 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -17,6 +17,10 @@
|
|||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json;
|
gzip_types text/plain application/json;
|
||||||
|
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
location /.well-known/matrix {
|
location /.well-known/matrix {
|
||||||
root {{ matrix_static_files_base_path }};
|
root {{ matrix_static_files_base_path }};
|
||||||
{#
|
{#
|
||||||
|
@ -3,13 +3,19 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
# duplicate X-Content-Type-Options & X-Frame-Options header
|
# duplicate X-Content-Type-Options & X-Frame-Options header
|
||||||
# Enabled by grafana by default
|
# Enabled by grafana by default
|
||||||
# add_header X-Content-Type-Options nosniff;
|
# add_header X-Content-Type-Options nosniff;
|
||||||
# add_header X-Frame-Options SAMEORIGIN;
|
# add_header X-Frame-Options SAMEORIGIN;
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
proxy_cookie_path / "/; HTTPOnly; Secure";
|
proxy_cookie_path / "/; HTTPOnly; Secure";
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -3,8 +3,13 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_jitsi_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -1,6 +1,10 @@
|
|||||||
#jinja2: lstrip_blocks: "True"
|
#jinja2: lstrip_blocks: "True"
|
||||||
|
|
||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
|
{% if matrix_nginx_proxy_floc_optout_enabled %}
|
||||||
|
add_header Permissions-Policy interest-cohort=() always;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_riot_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -3,9 +3,11 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
add_header X-Frame-Options DENY;
|
add_header X-Frame-Options DENY;
|
||||||
|
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_sygnal_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
Loading…
Reference in New Issue
Block a user