Enhance Nginx configuration for protected media files with PDF handling

2025-08-02 19:55:18 +02:00 · 2025-05-22 16:26:50 -04:00 · 2025-05-22 16:26:50 -04:00 · 14e71626f6
commit 14e71626f6
parent f96b6f5f65
1 changed files with 13 additions and 4 deletions
--- a/backend/nginx.conf
+++ b/backend/nginx.conf
@ -36,10 +36,19 @@ http {

        # Serve protected media files with X-Accel-Redirect
        location /protectedMedia/ {
-            internal; # Only internal requests are allowed
-            alias /code/media/;  # This should match Django MEDIA_ROOT
-            try_files $uri =404; # Return a 404 if the file doesn't exist
-        }
+            internal;
+            alias /code/media/;
+            try_files $uri =404;
+
+            # Nested location for PDFs
+            location ~* \.pdf$ {
+                add_header Content-Security-Policy "default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'" always;
+                add_header X-Content-Type-Options nosniff always;
+                add_header X-Frame-Options SAMEORIGIN always;
+                add_header Content-Disposition "inline" always;
+    }
+}
+

    }
 }