From d2255159179e0a3480001a570bffd3e3248e9ce9 Mon Sep 17 00:00:00 2001
From: muppeth
Date: Wed, 14 Apr 2021 15:18:46 +0000
Subject: [PATCH 1/3] Small adjustments to header section in core template (#4) Merge branch 'master' into template_fix small adjustment to header section in core template fixed missing closing bracket on base template
Co-authored-by: muppeth
Reviewed-on: https://git.disroot.org/Disroot-Ansible/nginx/pulls/4
Reviewed-by: meaz
Reviewed-by: antilopa
Co-Authored-By: muppeth
Co-Committed-By: muppeth
---
 templates/etc/nginx/sites-available/base.j2 | 2 +-
 templates/etc/nginx/sites-available/core.j2 | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/templates/etc/nginx/sites-available/base.j2 b/templates/etc/nginx/sites-available/base.j2
index 50cf514..0f6d287 100644
--- a/templates/etc/nginx/sites-available/base.j2
+++ b/templates/etc/nginx/sites-available/base.j2
@@ -8,10 +8,10 @@
 {% block location %}
 location / {
 try_files {{ item.override_try_files | default('$uri $uri/ =404') }};
+ }
 {% endblock %}
 {% block app_root_location %}
 {% endblock %}
- }
 {% block extra_locations %}
 {% endblock %}
diff --git a/templates/etc/nginx/sites-available/core.j2 b/templates/etc/nginx/sites-available/core.j2
index 17a05d7..92ec2fe 100644
--- a/templates/etc/nginx/sites-available/core.j2
+++ b/templates/etc/nginx/sites-available/core.j2
@@ -83,7 +83,10 @@ server {
 add_header X-XSS-Protection "1; mode=block";
 {% endif %}
 {% if item.robots is defined %}
+{% if item.robots == 'none' %}
+{% else %}
 add_header X-Robots-Tag "{{ item.robots }}";
+{% endif %}
 {% else %}
 add_header X-Robots-Tag none;
 {% endif %}
From 08ec367e617edb32e504d74fe104b6ab7dbccf67 Mon Sep 17 00:00:00 2001
From: meaz
Date: Fri, 16 Apr 2021 09:15:54 +0200
Subject: [PATCH 2/3] add Permissions-Policy
---
 templates/etc/nginx/sites-available/core.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
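Review bot: In base.j2 (`@@ -8,10 +8,10 @@`), moving the `}` inside `{% block location %}` changes the contract for child templates, and the hunk does not document it. A child that overrides `location` now has to emit its own closing brace, and whatever `app_root_location` renders lands at server level instead of inside `location /`. The child templates are not visible here, so rendering each vhost type and running `nginx -t` before rollout is the safe check. A short comment above the block, such as `{# the location block opens and closes its own braces #}`, would make the new rule explicit.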
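Review bot: In core.j2 (`@@ -83,7 +83,10 @@`), `item.robots == 'none'` now emits no X-Robots-Tag header at all, while leaving `robots` undefined still emits `add_header X-Robots-Tag none;`, so the same word has opposite effects. `none` is also a valid X-Robots-Tag value, so an operator who sets `robots: none` to forbid indexing ends up with a vhost that sends no indexing restriction. A distinct opt-out value would avoid the clash and remove the empty branch, for example `{% if item.robots != 'off' %}` around the `add_header` line. The enclosing `server` block starts and ends outside the hunk.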
diff --git a/templates/etc/nginx/sites-available/core.j2 b/templates/etc/nginx/sites-available/core.j2
index 92ec2fe..14fad30 100644
--- a/templates/etc/nginx/sites-available/core.j2
+++ b/templates/etc/nginx/sites-available/core.j2
@@ -8,7 +8,7 @@
 {% block server_info %}
 ## SERVER INFO
-server {
+server {
 server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
 {% if item.proto == 'http' %}
 listen {{ item.listen }} {% if nginx_default_vhost == item.name %} default_server{% endif %};
@@ -49,6 +49,9 @@ server {
 {% if item.headers is defined and item.headers == 'none' %}
 {% else %}
 ## HEADERS
+{% if item.permissions_policy is defined %}
+ add_header Permissions-Policy "geolocation=(),interest-cohort=()";
+{% endif %}
 {% if item.secure_site is defined %}
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
From ee1b806873f7b5799b861e2ab3f9339e0212be70 Mon Sep 17 00:00:00 2001
From: meaz
Date: Fri, 16 Apr 2021 10:13:11 +0200
Subject: [PATCH 3/3] block per default
---
 templates/etc/nginx/sites-available/core.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/etc/nginx/sites-available/core.j2 b/templates/etc/nginx/sites-available/core.j2
index 14fad30..3fc1314 100644
--- a/templates/etc/nginx/sites-available/core.j2
+++ b/templates/etc/nginx/sites-available/core.j2
@@ -49,7 +49,8 @@ server {
 {% if item.headers is defined and item.headers == 'none' %}
 {% else %}
 ## HEADERS
-{% if item.permissions_policy is defined %}
+{% if item.permission_policy is defined and item.permission_policy == 'none' %}
+{% else %}
 add_header Permissions-Policy "geolocation=(),interest-cohort=()";
 {% endif %}
 {% if item.secure_site is defined %}
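Review bot: The new `add_header Permissions-Policy` line in the `@@ -49,6 +49,9 @@` hunk has no `always` parameter, so nginx attaches it only to successful and redirect responses and omits it from error pages such as 404 and 500. It is also set at server level, and nginx does not inherit server-level `add_header` directives into a location that declares its own, so vhosts whose location blocks add headers may never send it; those location templates are outside this hunk. Suggested line: `add_header Permissions-Policy "geolocation=(),interest-cohort=()" always;`.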
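Review bot: The opt-out key in the `@@ -49,7 +49,8 @@` hunk is spelled `item.permission_policy`, singular, while the previous commit used `item.permissions_policy` and the header is `Permissions-Policy`. A host that sets `permissions_policy: none` will not match and will still receive the header, with nothing to flag the mismatch. Keeping the plural name and dropping the empty branch reads more directly: `{% if item.permissions_policy is not defined or item.permissions_policy != 'none' %}`. The header is now on by default with a fixed `geolocation=()` value, which disables geolocation on every vhost that does not opt out, so the role's README or defaults should document the key.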