From 75e11df5fbaf0fb9ab598e10422c8eae06124742 Mon Sep 17 00:00:00 2001 From: Your Name <119736744+aborayan2022@users.noreply.github.com> Date: Tue, 10 Mar 2026 12:08:20 +0200 Subject: [PATCH] Add Plausible and Google Site Verification support to environment configuration and update Content Security Policy in Nginx configurations --- backend/celerybeat-schedule | Bin 16384 -> 16384 bytes docker-compose.prod.yml | 6 ++++++ docker-compose.yml | 6 ++++++ nginx/nginx.conf | 2 +- nginx/nginx.prod.conf | 9 ++++++++- 5 files changed, 21 insertions(+), 2 deletions(-) diff --git a/backend/celerybeat-schedule b/backend/celerybeat-schedule index 3901fd6c98de9097410c2ccc374d81230fe421a1..458e19537d49b2e02c0b940032b66ce1131bd0c5 100644 GIT binary patch delta 28 jcmZo@U~Fh$+~8ou&c(&Rz`*=xvb#|rqs8W#M(Ml&aC-;G delta 28 jcmZo@U~Fh$+~8ou&M79xz`*)%vb#|rquJ(}M(Ml&b2|s} diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 173ede3..a0b5294 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -103,11 +103,17 @@ services: target: build environment: - VITE_GA_MEASUREMENT_ID=${VITE_GA_MEASUREMENT_ID:-} + - VITE_PLAUSIBLE_DOMAIN=${VITE_PLAUSIBLE_DOMAIN:-} + - VITE_PLAUSIBLE_SRC=${VITE_PLAUSIBLE_SRC:-https://plausible.io/js/script.js} + - VITE_GOOGLE_SITE_VERIFICATION=${VITE_GOOGLE_SITE_VERIFICATION:-} - VITE_ADSENSE_CLIENT_ID=${VITE_ADSENSE_CLIENT_ID:-} - VITE_ADSENSE_SLOT_HOME_TOP=${VITE_ADSENSE_SLOT_HOME_TOP:-} - VITE_ADSENSE_SLOT_HOME_BOTTOM=${VITE_ADSENSE_SLOT_HOME_BOTTOM:-} - VITE_ADSENSE_SLOT_TOP_BANNER=${VITE_ADSENSE_SLOT_TOP_BANNER:-} - VITE_ADSENSE_SLOT_BOTTOM_BANNER=${VITE_ADSENSE_SLOT_BOTTOM_BANNER:-} + - VITE_FEATURE_EDITOR=${VITE_FEATURE_EDITOR:-true} + - VITE_FEATURE_OCR=${VITE_FEATURE_OCR:-true} + - VITE_FEATURE_REMOVEBG=${VITE_FEATURE_REMOVEBG:-true} volumes: - frontend_build:/app/dist diff --git a/docker-compose.yml b/docker-compose.yml index 032a5c7..ab9787e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -103,11 +103,17 @@ services: environment: - NODE_ENV=development - VITE_GA_MEASUREMENT_ID=${VITE_GA_MEASUREMENT_ID:-} + - VITE_PLAUSIBLE_DOMAIN=${VITE_PLAUSIBLE_DOMAIN:-} + - VITE_PLAUSIBLE_SRC=${VITE_PLAUSIBLE_SRC:-https://plausible.io/js/script.js} + - VITE_GOOGLE_SITE_VERIFICATION=${VITE_GOOGLE_SITE_VERIFICATION:-} - VITE_ADSENSE_CLIENT_ID=${VITE_ADSENSE_CLIENT_ID:-} - VITE_ADSENSE_SLOT_HOME_TOP=${VITE_ADSENSE_SLOT_HOME_TOP:-} - VITE_ADSENSE_SLOT_HOME_BOTTOM=${VITE_ADSENSE_SLOT_HOME_BOTTOM:-} - VITE_ADSENSE_SLOT_TOP_BANNER=${VITE_ADSENSE_SLOT_TOP_BANNER:-} - VITE_ADSENSE_SLOT_BOTTOM_BANNER=${VITE_ADSENSE_SLOT_BOTTOM_BANNER:-} + - VITE_FEATURE_EDITOR=${VITE_FEATURE_EDITOR:-true} + - VITE_FEATURE_OCR=${VITE_FEATURE_OCR:-true} + - VITE_FEATURE_REMOVEBG=${VITE_FEATURE_REMOVEBG:-true} # --- Nginx Reverse Proxy --- nginx: diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 064a307..07b7f94 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -17,7 +17,7 @@ server { add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://pagead2.googlesyndication.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://pagead2.googlesyndication.com; frame-src https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; frame-ancestors 'self'" always; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://pagead2.googlesyndication.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://pagead2.googlesyndication.com https://plausible.io; frame-src https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; frame-ancestors 'self'" always; # API requests → Flask backend location /api/ { diff --git a/nginx/nginx.prod.conf b/nginx/nginx.prod.conf index 41d2b06..8740d8b 100644 --- a/nginx/nginx.prod.conf +++ b/nginx/nginx.prod.conf @@ -30,7 +30,14 @@ server { add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://pagead2.googlesyndication.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://pagead2.googlesyndication.com; frame-src https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; frame-ancestors 'self'" always; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://pagead2.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com https://plausible.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://pagead2.googlesyndication.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://pagead2.googlesyndication.com https://plausible.io; frame-src https://googleads.g.doubleclick.net https://tpc.googlesyndication.com; frame-ancestors 'self'" always; + + # SEO files — no cache, always fresh + location ~* ^/(sitemap\.xml|robots\.txt|llms\.txt|humans\.txt)$ { + root /usr/share/nginx/html; + expires 1d; + add_header Cache-Control "public, must-revalidate"; + } # Gzip gzip on;