Update redirect rules for nextcloud well-known.

2023-09-28 07:45:47 +02:00
parent 12a69c240d
commit 8003f373ce
1 changed files with 12 additions and 10 deletions
--- a/nextcloud/nextcloud.conf
+++ b/nextcloud/nextcloud.conf
@@ -26,13 +26,13 @@ server {
    #pagespeed off;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
-    add_header Referrer-Policy                      "no-referrer"   always;
-    add_header X-Content-Type-Options               "nosniff"       always;
-    add_header X-Download-Options                   "noopen"        always;
-    add_header X-Frame-Options                      "SAMEORIGIN"    always;
-    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
-    add_header X-Robots-Tag                         "none"          always;
-    add_header X-XSS-Protection                     "1; mode=block" always;
+    add_header Referrer-Policy                      "no-referrer"        always;
+    add_header X-Content-Type-Options               "nosniff"            always;
+    add_header X-Download-Options                   "noopen"             always;
+    add_header X-Frame-Options                      "SAMEORIGIN"         always;
+    add_header X-Permitted-Cross-Domain-Policies    "none"               always;
+    add_header X-Robots-Tag                         "noindex, nofollow"  always;
+    add_header X-XSS-Protection                     "1; mode=block"      always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;
@@ -73,8 +73,10 @@ server {
        # The rules in this block are an adaptation of the rules
        # in `.htaccess` that concern `/.well-known`.

-        location = /.well-known/carddav { return 301 /remote.php/dav/; }
-        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+        location = /.well-known/carddav    { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav     { return 301 /remote.php/dav/; }
+        location = /.well-known/webfinger  { return 301 /index.php/.well-known/webfinger/; }
+        location = /.well-known/nodeinfo   { return 301 /index.php/.well-known/nodeinfo; }

        # Let Nextcloud's API for `/.well-known` URIs handle all other
        # requests by passing them to the front-end controller.
@@ -131,4 +133,4 @@ server {
    location / {
        try_files $uri $uri/ /index.php$request_uri;
    }
-}
+}