Add CORS headers to noblogs.ai-cdn.net

And disallow all requests that are not static content.

Add CORS headers to noblogs.ai-cdn.net
e07a5953 · ale · 170cba5e · e07a5953
Commit e07a5953 authored 2 years ago by ale
--- a/docker/conf/apache2/sites-available/noblogs.ai-cdn.net.conf
+++ b/docker/conf/apache2/sites-available/noblogs.ai-cdn.net.conf
@@ -2,9 +2,24 @@
 	ServerName noblogs.ai-cdn.net

 	DocumentRoot /opt/noblogs/www
+
+        SetEnvIf X-Forwarded-Proto https HTTPS=on
+	Header set Access-Control-Allow-Origin "*"
+
 	<Directory /opt/noblogs/www>
 		Options FollowSymLinks
 		AllowOverride All
-		Require all granted
+		Require all denied
 	</Directory>
+
+        <Directory /opt/noblogs/www/wp-content>
+                Options -Indexes
+		Require all granted
+        </Directory>
+
+        <Directory /opt/noblogs/www/wp-includes>
+                Options -Indexes
+		Require all granted
+        </Directory>
+
 </VirtualHost>