Enhanced the downloader backend and frontend to support playlist URLs for video info and downloads. The API now returns structured playlist information, allows selecting specific videos for download, and returns a ZIP file for playlist downloads. Updated OpenAPI types, removed deprecated parameters (start_time, end_time, playlist_items), and improved Content Security Policy handling in nginx. Refactored frontend to handle playlist selection and updated generated API models accordingly.
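# nginx.conf
#
# Serves the built React SPA and the Django static/media directories, and
# reverse-proxies /api/ to the Django backend on the same origin.

worker_processes auto;
user nginx;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Request-body cap applied to every server below.
    client_max_body_size 50m;

    sendfile on;
    keepalive_timeout 65;

    # Content Security Policy, defined once and reused through $csp_policy.
    # The map has only a default entry, so every request URI gets the same policy.
    #
    # NOTE(review): this is a development-grade policy and should be tightened
    # before production use:
    #   - script-src carries 'unsafe-inline' and 'unsafe-eval', so the policy
    #     does not block injected inline script; prefer nonces or hashes.
    #   - img-src * and the bare ws:/wss: schemes in connect-src allow any host.
    #   - http://127.0.0.1:8000 and http://localhost:8000 resolve to the
    #     visitor's own machine once the site is served to real users.
    map $request_uri $csp_policy {
        default "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src * data: blob:; connect-src 'self' http://127.0.0.1:8000 http://localhost:8000 ws: wss: https://api.paylibo.com; font-src 'self' data: https://fonts.gstatic.com";
    }

    server {
        # Plain HTTP only.
        # NOTE(review): presumably TLS is terminated in front of this
        # container - confirm. If so, $scheme is always "http" here and the
        # X-Forwarded-Proto sent to the backend will not reflect the client's
        # real scheme.
        listen 80;
        # Catch-all name: the client-supplied Host is accepted and forwarded to
        # the backend unchanged, so the backend must validate it itself.
        server_name _;

        # -------------------------
        # Security headers
        # -------------------------
        # nginx inherits add_header directives from this level only into
        # locations that declare no add_header of their own. The locations
        # below therefore deliberately contain none. Previously "/" and "/api/"
        # each re-declared the CSP, which silently dropped X-Frame-Options,
        # X-Content-Type-Options and Referrer-Policy from exactly those
        # responses. If a location ever needs an extra header, repeat all four
        # headers inside it.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;

        # CSP Policy - centrally defined above for better maintainability.
        # To add new domains, update the $csp_policy map above.
        # Development: more permissive for external resources.
        # Production: should be more restrictive and use nonces/hashes where possible.
        add_header Content-Security-Policy $csp_policy always;

        # -------------------------
        # React frontend
        # -------------------------
        root /usr/share/nginx/html;
        index index.html;

        location / {
            # SPA fallback: unknown paths are answered with index.html.
            # CSP and the other security headers come from the server level.
            try_files $uri /index.html;
        }

        # -------------------------
        # Django backend API
        # -------------------------

        # Serve Django static and media volumes mounted into the container.
        location /static/ {
            alias /app/collectedstaticfiles/;
        }

        # NOTE(review): if /app/media/ can hold user-influenced files, they are
        # served from the application's own origin; the inherited nosniff and
        # CSP headers are the only guards visible in this file - confirm that
        # is sufficient for the content stored there.
        location /media/ {
            alias /app/media/;
        }

        # Same-origin proxy for API -> avoids CORS and allows cookies.
        # Prefix match: any URI that starts with /api but is not under /api/
        # is redirected to /api/.
        location /api {
            return 301 /api/;
        }

        location /api/ {
            proxy_pass http://backend:8000;
            proxy_set_header Host $host;
            # X-Real-IP is the address of the directly connected peer.
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
            # client sent, so every entry except the last is client-controlled.
            # The backend should not treat the left-most value as the client IP.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_http_version 1.1;
            # Clear the client's hop-by-hop Connection header before proxying.
            proxy_set_header Connection "";
            # Stream backend responses straight through instead of buffering.
            proxy_buffering off;
            client_max_body_size 50m;
            # No add_header here: CSP and the other security headers are
            # inherited from the server level.
        }
    }
}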