From e07a5953369259318ddb3b6d3ac1b2d3998d5128 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Mon, 2 May 2022 13:19:52 +0100
Subject: [PATCH] Add CORS headers to noblogs.ai-cdn.net

And disallow all requests that are not static content.
---
 .../sites-available/noblogs.ai-cdn.net.conf     | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/docker/conf/apache2/sites-available/noblogs.ai-cdn.net.conf b/docker/conf/apache2/sites-available/noblogs.ai-cdn.net.conf
index 993c36e9..745becda 100644
--- a/docker/conf/apache2/sites-available/noblogs.ai-cdn.net.conf
+++ b/docker/conf/apache2/sites-available/noblogs.ai-cdn.net.conf
@@ -2,9 +2,24 @@
 	ServerName noblogs.ai-cdn.net
 
 	DocumentRoot /opt/noblogs/www
+
+        SetEnvIf X-Forwarded-Proto https HTTPS=on
+	Header set Access-Control-Allow-Origin "*"
+
 	<Directory /opt/noblogs/www>
 		Options FollowSymLinks
 		AllowOverride All
-		Require all granted
+		Require all denied
 	</Directory>
+
+        <Directory /opt/noblogs/www/wp-content>
+                Options -Indexes
+		Require all granted
+        </Directory>
+
+        <Directory /opt/noblogs/www/wp-includes>
+                Options -Indexes
+		Require all granted
+        </Directory>
+
 </VirtualHost>
-- 
GitLab