From 66656abf61da43777c5f592401a2d4f47cec51f8 Mon Sep 17 00:00:00 2001
From: nl6720 <nl6720@gmail.com>
Date: Tue, 29 Mar 2022 11:00:42 +0300
Subject: [PATCH] archwiki/templates/nginx.d.conf.j2: fix access to MediaWiki
 extension assets

Various files in /extensions/ need to be accessible for extensions to work.

Based on example from https://www.mediawiki.org/wiki/Manual:Short_URL/Nginx.

Fixes #355.
---
 roles/archwiki/templates/nginx.d.conf.j2 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/archwiki/templates/nginx.d.conf.j2 b/roles/archwiki/templates/nginx.d.conf.j2
index 102383aa2..5a908d5af 100644
--- a/roles/archwiki/templates/nginx.d.conf.j2
+++ b/roles/archwiki/templates/nginx.d.conf.j2
@@ -122,12 +122,16 @@ server {
         limit_req zone=archwikilimit burst=10 nodelay;
     }
 
-    # whitelist known OK directories
-    location ~ ^/(?:skins|resources|images|extensions/ArchLinux/modules|extensions/WikiEditor/modules/images/toolbar|extensions/CodeMirror/resources/mode/mediawiki/img)/ {
+    # MediaWiki assets
+    location ~ ^/(?:images|resources/(?:assets|lib|src)|(?:skins|extensions)/.+\.(?:css|js|gif|jpg|jpeg|png|svg|wasm)$) {
         expires 30d;
         add_header Pragma public;
         add_header Cache-Control "public, must-revalidate, proxy-revalidate";
     }
+    location /images/deleted {
+        # Deny access to deleted images folder
+        deny all;
+    }
 
     # block all other directories
     location ~ ^/[^/]+/ {
-- 
GitLab