Merge pull request #390 from YunoHost-Apps/testing

Testing - Upgrade to version 4.1.4

2 files changed, 73 insertions, 30 deletions

diff --git a/conf/app.src b/conf/app.src
index 59c5c02..707becd 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.3.tar.gz
-SOURCE_SUM=5fd18661a990d09053673bfa8bcd880ab661109eb472a9d9f22b6d5f8dbf3e37
+SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.4.tar.gz
+SOURCE_SUM=524bac8c4108acc07b001caf44951446cb587f9626d8e0d15ed2f5811b980aaa
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 19c2c01..4b1f76b 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,7 +1,5 @@
-# upload max size
-client_max_body_size 100M;
+client_max_body_size 99m;
 
-# add to v1.4 assets
 root __FINALPATH__/live/public;
 
 location / {
@@ -13,56 +11,101 @@ location / {
   include conf.d/yunohost_panel.conf.inc;
 }
 
-location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
-  more_set_headers "Cache-Control: public, max-age=31536000, immutable";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
-  try_files $uri @proxy;
+location ~ /sw.js {
+  more_set_headers "Cache-Control: public, max-age=604800, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
 }
 
-location /sw.js {
-  more_set_headers "Cache-Control: public, max-age=0";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
-  try_files $uri @proxy;
+location ~ ^/assets/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
 }
 
-location @proxy {
+location ~ ^/avatars/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/emoji/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/headers/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/packs/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/shortcuts/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/sounds/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  try_files $uri =404;
+}
+
+location ~ ^/system/ {
+  more_set_headers "Cache-Control: public, max-age=2419200, immutable";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
+  more_set_headers "X-Content-Type-Option: nosniff";
+  more_set_headers "Content-Security-Policy: default-src 'none'; form-action 'none'";
+  try_files $uri =404;
+}
+
+location ^~ /api/v1/streaming {
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Proxy "";
-  proxy_pass_header Server;
 
-  proxy_pass http://127.0.0.1:__PORT_WEB__;
-  proxy_buffering on;
+  proxy_pass http://127.0.0.1:__PORT_STREAM__;
+  proxy_buffering off;
   proxy_redirect off;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
+  proxy_set_header Connection $connection_upgrade;
 
-  #proxy_cache CACHE;
-  proxy_cache_valid 200 7d;
-  proxy_cache_valid 410 24h;
-  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-  more_set_headers "X-Cached: $upstream_cache_status";
-  more_set_headers "Strict-Transport-Security: max-age=31536000";
+  more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains";
 
   tcp_nodelay on;
 }
 
-location /api/v1/streaming {
+location @proxy {
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Proxy "";
+  proxy_pass_header Server;
 
-  proxy_pass http://127.0.0.1:__PORT_STREAM__;
-  proxy_buffering off;
+  proxy_pass http://127.0.0.1:__PORT_WEB__;
+  proxy_buffering on;
   proxy_redirect off;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
+  proxy_set_header Connection $connection_upgrade;
+
+  #proxy_cache CACHE;
+  proxy_cache_valid 200 7d;
+  proxy_cache_valid 410 24h;
+  proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+  more_set_headers "X-Cached: $upstream_cache_status";
 
   tcp_nodelay on;
 }