aki-angular-secure-config
Version:
The `aki-angular-secure-config` is a new npm package developed to address a security vulnerability in Angular applications. This package ensures that sensitive configuration data in `config.json` is protected from being inspected or extracted via browser
64 lines (59 loc) • 1.94 kB
Plain Text
server {
listen 8080;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
add_header 'Pragma' 'no-cache';
add_header 'Cache-Control' 'no-cache, no-store';
add_header 'Set-Cookie' 'Path=/; HttpOnly; Secure;';
add_header 'X-Content-Type-Options' 'nosniff';
add_header 'X-XSS-Protection' '1; mode=block';
add_header 'X-Frame-Options' 'SAMEORIGIN';
add_header 'Strict-Transport-Security' "max-age=31536000; includeSubDomains" always;
add_header 'Content-Security-Policy' "default-src https:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: data:; font-src 'self' https:;media-src 'self' https:;";
add_header 'Access-Control-Allow-Origin' '*';
# Block access to config.json
location ~* /config.json {
return 403;
}
location / {
root /usr/share/nginx/html;
proxy_cookie_path / "/; secure";
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png|woff|woff2|svg|)$ {
root /usr/share/nginx/html;
proxy_cookie_path / "/; secure";
try_files $uri $uri/ /index.html;
expires 365d;
}
location ~* \~ {
return 403;
}
}