From 5d5cb8296e9791cab870b6945055a1ad8c055093 Mon Sep 17 00:00:00 2001
From: ScriptSmith
Date: Fri, 18 Oct 2024 08:24:50 +1000
Subject: [PATCH 1/6] Add redirect from /

---
 containers/default.conf.template | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/containers/default.conf.template b/containers/default.conf.template
index 30688204..1804fa6a 100644
--- a/containers/default.conf.template
+++ b/containers/default.conf.template
@@ -3,6 +3,10 @@ server { server_name localhost; absolute_redirect off; + location = / { return 302 "/ai-toolbox/job/"; } + location /ai-toolbox/ { alias /usr/share/nginx/html/; index index.html;
From d1fa415fc915240ebc8b810c6421768823ade7a8 Mon Sep 17 00:00:00 2001
From: ScriptSmith
Date: Fri, 18 Oct 2024 08:25:23 +1000
Subject: [PATCH 2/6] Add additional CSP headers

---
 containers/default.conf.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/containers/default.conf.template b/containers/default.conf.template
index 1804fa6a..e08441b7 100644
--- a/containers/default.conf.template
+++ b/containers/default.conf.template
@@ -11,6 +11,6 @@ server {
  alias /usr/share/nginx/html/;
  index index.html;
  include /etc/nginx/mime.types;
- add_header Content-Security-Policy "frame-ancestors 'self' ${ALLOWED_DOMAINS};";
+ add_header Content-Security-Policy "frame-ancestors 'self' ${ALLOWED_DOMAINS}; form-action 'self'; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; base-uri 'self';";
  }
  }
From 6442078c59200ec7570df2c7d705d94c3e8abd63 Mon Sep 17 00:00:00 2001
From: ScriptSmith
Date: Fri, 18 Oct 2024 08:34:40 +1000
Subject: [PATCH 3/6] Add deprecated X-Frame-Options header

---
 containers/default.conf.template | 1 +
 1 file changed, 1 insertion(+)
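Review bot: The new `location = /` block gives no reason for choosing `302` over `301` on `return 302 "/ai-toolbox/job/";`, so a later reader cannot tell whether the landing path is meant to stay changeable; a comment such as `# temporary redirect: the default landing page may change, so do not let clients cache it` would settle that, or switch to `301` if it is permanent. Because `absolute_redirect off` is set two lines above, the Location header is emitted as the bare path, which keeps the redirect independent of the configured server_name; that is worth stating in the same comment. The enclosing `server` block starts and ends outside this hunk.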
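Review bot: The expanded policy keeps `'unsafe-inline'` in `script-src 'self' 'unsafe-inline'`, which lets any injected inline script run and so removes most of the XSS protection the rest of the policy provides; if the app genuinely needs inline scripts a nonce or hash is the usual replacement, and if not, drop it. `object-src 'self'` is also looser than a static site needs; `object-src 'none'` is the conventional value unless plugin content is actually served. The header is added without `always`, so nginx omits it on 4xx/5xx responses (plain `add_header` only covers 2xx/3xx); `add_header Content-Security-Policy "..." always;` closes that gap. The `location /ai-toolbox/` block this line lives in starts outside the hunk.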
diff --git a/containers/default.conf.template b/containers/default.conf.template
index e08441b7..f6204b2a 100644
--- a/containers/default.conf.template
+++ b/containers/default.conf.template
@@ -12,5 +12,6 @@ server {
  index index.html;
  include /etc/nginx/mime.types;
  add_header Content-Security-Policy "frame-ancestors 'self' ${ALLOWED_DOMAINS}; form-action 'self'; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; base-uri 'self';";
+ add_header X-Frame-Options "ALLOW-FROM ${ALLOWED_DOMAINS}";
  }
  }
From 4dba16a2bef4b0afc36c9ef44fdd87a8717d2853 Mon Sep 17 00:00:00 2001
From: ScriptSmith
Date: Fri, 18 Oct 2024 08:26:17 +1000
Subject: [PATCH 4/6] Add X-Content-Type-Options header

---
 containers/default.conf.template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/containers/default.conf.template b/containers/default.conf.template
index f6204b2a..3fc01127 100644
--- a/containers/default.conf.template
+++ b/containers/default.conf.template
@@ -13,5 +13,6 @@ server {
  include /etc/nginx/mime.types;
  add_header Content-Security-Policy "frame-ancestors 'self' ${ALLOWED_DOMAINS}; form-action 'self'; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; base-uri 'self';";
  add_header X-Frame-Options "ALLOW-FROM ${ALLOWED_DOMAINS}";
+ add_header X-Content-Type-Options "nosniff";
  }
  }
From 7c03fc8b6a2a402bd97ffe3d6d78e60e922442aa Mon Sep 17 00:00:00 2001
From: ScriptSmith
Date: Fri, 18 Oct 2024 08:26:35 +1000
Subject: [PATCH 5/6] Add cache control header

---
 containers/default.conf.template | 1 +
 1 file changed, 1 insertion(+)
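Review bot: `add_header X-Frame-Options "ALLOW-FROM ${ALLOWED_DOMAINS}";` is not honoured by current browser engines (the `ALLOW-FROM` form was only ever implemented by a few older browsers) and it accepted a single origin, so when `${ALLOWED_DOMAINS}` expands to a list the value is syntactically invalid and the header is ignored outright; browsers that support CSP use the `frame-ancestors` directive on the line above in preference anyway. As committed the line therefore adds no protection, which the commit title half-acknowledges by calling it deprecated. Either drop it, or if it is kept for a known legacy client, mark it `# legacy clients only: modern browsers ignore ALLOW-FROM; frame-ancestors above is the enforcing control` so nobody later assumes it is doing the work. The portable values (`DENY`, `SAMEORIGIN`) would contradict the CSP allowlist, so there is no equivalent fallback here.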
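Review bot: `add_header X-Content-Type-Options "nosniff";` lacks `always`, so it is attached only to 2xx/3xx responses; a 404 for a missing asset under `/ai-toolbox/` or any 5xx goes out without it, and the CSP and X-Frame-Options lines above have the same gap. `add_header X-Content-Type-Options "nosniff" always;` fixes this line, and the same suffix belongs on the other headers in the location. These headers are also scoped to `location /ai-toolbox/` with nothing set at server level, so any location added alongside it later starts with no security headers at all; a comment at the top of the block saying so would help. The enclosing location begins outside this hunk.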
diff --git a/containers/default.conf.template b/containers/default.conf.template
index 3fc01127..72318635 100644
--- a/containers/default.conf.template
+++ b/containers/default.conf.template
@@ -14,5 +14,6 @@ server {
  add_header Content-Security-Policy "frame-ancestors 'self' ${ALLOWED_DOMAINS}; form-action 'self'; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://img.shields.io; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; base-uri 'self';";
  add_header X-Frame-Options "ALLOW-FROM ${ALLOWED_DOMAINS}";
  add_header X-Content-Type-Options "nosniff";
+ add_header Cache-Control "max-age=600";
  }
  }
From d761e9d9504c4772a72617d8f7eb1c88f3dc9730 Mon Sep 17 00:00:00 2001
From: ScriptSmith
Date: Fri, 18 Oct 2024 08:27:22 +1000
Subject: [PATCH 6/6] Limit to HTTP methods to GET HEAD OPTIONS

---
 containers/default.conf.template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/containers/default.conf.template b/containers/default.conf.template
index 72318635..08dbd50c 100644
--- a/containers/default.conf.template
+++ b/containers/default.conf.template
@@ -15,5 +15,6 @@ server {
  add_header X-Frame-Options "ALLOW-FROM ${ALLOWED_DOMAINS}";
  add_header X-Content-Type-Options "nosniff";
  add_header Cache-Control "max-age=600";
+ limit_except GET { deny all; }
  }
  }
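Review bot: `add_header Cache-Control "max-age=600";` applies to every response from this location, including `index.html` (served through the `index` directive shown in the earlier hunks of this series), so a deploy can take up to ten minutes to reach returning visitors; that may be intended, but the line should say so, e.g. `# 10 min TTL for everything under /ai-toolbox/, index.html included; deploys propagate within that window`. If the assets are fingerprinted, the HTML could get a short TTL and the assets a long one, but that is a separate change. Like the other headers here it lacks `always`, so error responses carry no Cache-Control at all; acceptable, but worth knowing when reading cache behaviour later.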
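Review bot: `limit_except GET { deny all; }` does not match the commit title: nginx treats allowing GET as implicitly allowing HEAD, but OPTIONS is not included, so an OPTIONS request to this location is refused with 403. Either the title should say GET/HEAD or the directive should be `limit_except GET OPTIONS { deny all; }`. `deny all` answers rejected methods with 403 rather than a 405 carrying an Allow header, which is fine for a static site but worth a comment, `# only GET/HEAD are served; every other method gets 403`. The restriction is scoped to `location /ai-toolbox/`, so the `location = /` redirect added in patch 1 still answers any method with its 302.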