disable api access from subdomained skapps (#719)

* disable api access from subdomained skapps * temporary reroute from skynet-mysky to ann1 dev version * revert dev change * mistakenly deleted try
2021-05-11 18:32:02 +02:00 · 2021-05-11 18:32:02 +02:00 · bd6763b47c
parent 68f52f14fe
commit bd6763b47c
1 changed files with 16 additions and 16 deletions
--- a/docker/nginx/conf.d/client.conf
+++ b/docker/nginx/conf.d/client.conf
@ -72,23 +72,23 @@ server {
 	rewrite ^/skynet/blacklist /skynet/blocklist permanent;
 	rewrite ^/account/(.*) https://account.$domain.$tld/$1 permanent;

+	# This is only safe workaround to reroute based on some conditions
+	# See https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+	recursive_error_pages on;
+
+	# redirect links with base32 encoded skylink in subdomain
+	error_page 460 = @base32_subdomain;
+	if ($base32_subdomain != "") {
+		return 460;
+	}
+
+	# redirect links with handshake domain on hns subdomain
+	error_page 461 = @hns_domain;
+	if ($hns_domain != "") {
+		return 461;
+	}
+
 	location / {
-		# This is only safe workaround to reroute based on some conditions
-		# See https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
-		recursive_error_pages on;
-
-		# redirect links with base32 encoded skylink in subdomain
-		error_page 460 = @base32_subdomain;
-		if ($base32_subdomain != "") {
-			return 460;
-		}
-
-		# redirect links with handshake domain on hns subdomain
-		error_page 461 = @hns_domain;
-		if ($hns_domain != "") {
-			return 461;
-		}
-
 		include /etc/nginx/conf.d/include/cors;

 		proxy_pass http://website:9000;