summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Löthberg <johannes@kyriasis.com>2019-03-21 20:13:15 +0100
committerJohannes Löthberg <johannes@kyriasis.com>2019-03-21 20:13:15 +0100
commit157eaf65e9dcc72c45b86e586ad32bbb1ae825c1 (patch)
tree182662356f70e2ccf906ebd162fb28068cc9cad6
parent645f43889c0b3ade145506d84f7a330e10e2349e (diff)
downloadpillar-157eaf65e9dcc72c45b86e586ad32bbb1ae825c1.tar.xz
nginx: Fix CORS quoting
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
-rw-r--r--nginx/kyriasis_com.sls6
-rw-r--r--nginx/matrix_kyriasis_com.sls6
2 files changed, 6 insertions, 6 deletions
diff --git a/nginx/kyriasis_com.sls b/nginx/kyriasis_com.sls
index bc1a749..099c9ea 100644
--- a/nginx/kyriasis_com.sls
+++ b/nginx/kyriasis_com.sls
@@ -32,7 +32,7 @@ nginx:
- ssl_trusted_certificate: /etc/letsencrypt/live/kyriasis.com/fullchain.pem
# https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
# Tell browsers not to render the page inside a frame, and avoid clickjacking.
- add_header: X-Frame-Options SAMEORIGIN
@@ -47,8 +47,8 @@ nginx:
# http://www.gnuterrypratchett.com/
- add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - add_header: 'Access-Control-Allow-Origin' '*'
- - add_header: 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'"
- client_max_body_size: 128m
diff --git a/nginx/matrix_kyriasis_com.sls b/nginx/matrix_kyriasis_com.sls
index 3883cec..b98ba69 100644
--- a/nginx/matrix_kyriasis_com.sls
+++ b/nginx/matrix_kyriasis_com.sls
@@ -39,7 +39,7 @@ nginx:
- ssl_trusted_certificate: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
# https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
- - add_header: 'Strict-Transport-Security "max-age=31536000"'
+ - add_header: 'Strict-Transport-Security "max-age=31536000"'
# Tell browsers to not try to auto-detect the Content-Type.
- add_header: X-Content-Type-Options nosniff
@@ -51,8 +51,8 @@ nginx:
# http://www.gnuterrypratchett.com/
- add_header: 'X-Clacks-Overhead "GNU Terry Pratchett"'
- - add_header: 'Access-Control-Allow-Origin' '*'
- - add_header: 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'
+ - add_header: "'Access-Control-Allow-Origin' '*'"
+ - add_header: "'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, HEAD, OPTIONS'"
- client_max_body_size: 128m