[–] nl 12y ago ↗ What are we supposed to be looking at here?The config (there is only one) in the linked repository is fairly.. sparse (although the headers in the conf directory are more useful).There are 6 outstanding pull requests, so it doesn't even look like it is being maintained.Nice idea, but this implementation needs some work. [–] [deleted] 12y ago ↗ (comment deleted) [–] pbreit 12y ago ↗ I think the meat is here: https://github.com/h5bp/server-configs-nginx/tree/master/con... [–] nl 12y ago ↗ Yep, hence "although the headers in the conf directory are more useful"Still not a lot to see though.
[–] pbreit 12y ago ↗ I think the meat is here: https://github.com/h5bp/server-configs-nginx/tree/master/con... [–] nl 12y ago ↗ Yep, hence "although the headers in the conf directory are more useful"Still not a lot to see though.
[–] nl 12y ago ↗ Yep, hence "although the headers in the conf directory are more useful"Still not a lot to see though.
[–] deluxaran 12y ago ↗ This looks interesting and it may be useful if it gets around and is completed and maintained, especially for the new users of nginx.
[–] simonw 12y ago ↗ This config file looks like a bad idea:https://github.com/h5bp/server-configs-nginx/blob/master/con... # Cross domain AJAX requests add_header "Access-Control-Allow-Origin" "*"; Wouldn't this open up a site to CSRF form field stealing attacks?
9 comments
[ 4.9 ms ] story [ 33.2 ms ] threadThe config (there is only one) in the linked repository is fairly.. sparse (although the headers in the conf directory are more useful).
There are 6 outstanding pull requests, so it doesn't even look like it is being maintained.
Nice idea, but this implementation needs some work.
Still not a lot to see though.
https://github.com/h5bp/server-configs-nginx/blob/master/con...
Wouldn't this open up a site to CSRF form field stealing attacks?