server { listen 80; server_name _; root /usr/share/nginx/html; index index.html; # App-Shell darf NUR von der eigenen Homepage als iframe eingebettet werden. add_header Content-Security-Policy "frame-ancestors 'self' https://gaertner.onl https://*.gaertner.onl" always; add_header X-Content-Type-Options "nosniff" always; add_header Referrer-Policy "no-referrer" always; # Service Worker & Manifest nie cachen -> App-Updates greifen sofort. location = /sw.js { add_header Cache-Control "no-cache"; } location = /manifest.webmanifest { add_header Cache-Control "no-cache"; } # Entwickler-/Test-Artefakte (_-Präfix) niemals ausliefern. location ~ /_ { deny all; } location / { try_files $uri $uri/ =404; } }