chore(vendor): Update h5bp/server-configs-nginx to v3.3.0

getstackhead · Jan 8, 2021 · a272874 · a272874
1 parent 482f78b
commit a272874
Show file tree

Hide file tree

Showing 9 changed files with 16 additions and 14 deletions.
diff --git a/vendor/server-configs-nginx/VERSION b/vendor/server-configs-nginx/VERSION
@@ -0,0 +1 @@
+v3.3.0
diff --git a/vendor/server-configs-nginx/h5bp/.gitkeep b/vendor/server-configs-nginx/h5bp/.gitkeep
diff --git a/vendor/server-configs-nginx/h5bp/location/web_performance_filename-based_cache_busting.conf b/vendor/server-configs-nginx/h5bp/location/web_performance_filename-based_cache_busting.conf
@@ -9,6 +9,6 @@
 # something like `*.css?v231`, please see:
 # https://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
 
-location ~* (.+)\.(?:\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|png|svgz?|webp|webmanifest)$ {
+location ~* (.+)\.(?:\w+)\.(avifs?|bmp|css|cur|gif|ico|jpe?g|m?js|a?png|svgz?|webp|webmanifest)$ {
   try_files $uri $1.$2;
 }
diff --git a/vendor/server-configs-nginx/h5bp/security/content-security-policy.conf b/vendor/server-configs-nginx/h5bp/security/content-security-policy.conf
@@ -5,7 +5,7 @@
 # Mitigate the risk of cross-site scripting and other content-injection
 # attacks.
 #
-# This can be done by setting a `Content Security Policy` which whitelists
+# This can be done by setting a Content Security Policy which permits
 # trusted sources of content for your website.
 #
 # There is no policy that fits all websites, you will have to modify the

diff --git a/vendor/server-configs-nginx/h5bp/security/x-xss-protection.conf b/vendor/server-configs-nginx/h5bp/security/x-xss-protection.conf
@@ -8,9 +8,9 @@
 #     web browsers.
 #
 #     The filter is usually enabled by default, but in some cases, it may be
-#     disabled by the user. However, in Internet Explorer, for example, it can be
-#     re-enabled just by sending the  `X-XSS-Protection` header with the value
-#     of `1`.
+#     disabled by the user. However, in Internet Explorer, for example, it can
+#     be re-enabled just by sending the `X-XSS-Protection` header with the
+#     value of `1`.
 #
 # (2) Prevent web browsers from rendering the web page if a potential reflected
 #     (a.k.a non-persistent) XSS attack is detected by the filter.

diff --git a/vendor/server-configs-nginx/h5bp/ssl/certificate_files.conf b/vendor/server-configs-nginx/h5bp/ssl/certificate_files.conf
@@ -8,7 +8,7 @@
 # users of IE 8 and below on WinXP can see your main site without SSL errors.
 #
 # (1) Certificate and key files location
-#     The certificate file can contain intermediate certificate.
+#     The certificate file can contain an intermediate certificate.
 #
 #     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
 #
@@ -17,7 +17,7 @@
 #
 #     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate
 #
-# (3) CA certificate file location for client certificate authentication
+# (3) CA certificate file location for client certificate authentication.
 #
 #     https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate
 

diff --git a/vendor/server-configs-nginx/h5bp/ssl/policy_intermediate.conf b/vendor/server-configs-nginx/h5bp/ssl/policy_intermediate.conf
@@ -5,9 +5,9 @@
 # For services that don't need backward compatibility, the parameters below
 # provide a higher level of security.
 #
-# (!) This policy enforces a strong SSL configuration, which may raise errors
-#     with old clients.
-#     If a more compatible profile is required, use the intermediate policy.
+# (!) This policy enforces a mildly strong SSL configuration, which may raise
+#     errors with old clients.
+#     If a more compatible profile is required, use the "deprecated" policy.
 #
 # (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak
 #     and potentially vulnerable but are required to support Microsoft Edge

diff --git a/vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf b/vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf
@@ -5,7 +5,7 @@
 # For services that want to be on the bleeding edge, the parameters below
 # sacrifice compatibility for the highest level of security and performance.
 #
-# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
+# (!) TLSv1.3 and its 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1
 #     to be installed.
 #
 # (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are
@@ -23,8 +23,9 @@
 #
 # (!) Requests sent within early data are subject to replay attacks.
 #     To protect against such attacks at the application layer, the
-#     $ssl_early_data variable should be used:
-#       proxy_set_header Early-Data $ssl_early_data;
+#     `$ssl_early_data` variable should be used:
+#
+#         proxy_set_header Early-Data $ssl_early_data;
 #
 #     The application should return response code 425 "Too Early" for anything
 #     that could contain user supplied data.

diff --git a/vendor/server-configs-nginx/h5bp/web_performance/pre-compressed_content_brotli.conf b/vendor/server-configs-nginx/h5bp/web_performance/pre-compressed_content_brotli.conf
@@ -8,7 +8,7 @@
 # (!) To make this part relevant, you need to generate encoded files by your
 #     own. Enabling this part will not auto-generate brotlied files.
 #
-# Note that some clients (eg. browsers) require a secure connection to request
+# Note that some clients (e.g. browsers) require a secure connection to request
 # brotli-compressed resources.
 # https://www.chromestatus.com/feature/5420797577396224
 #