uploads: Stop putting API headers on local-file upload responses.

These only need the usual response headers, not the
Access-Control-Origin headers that API endpoints need.
This commit is contained in:
Alex Vandiver 2023-01-11 15:44:38 +00:00
parent 059f64dcd9
commit a955f52904
1 changed files with 1 additions and 1 deletions

View File

@ -40,7 +40,7 @@ location ~ ^/internal/s3/([^/]+)/(.*) {
# Internal file-serving
location /internal/local/uploads {
internal;
include /etc/nginx/zulip-include/api_headers;
include /etc/nginx/zulip-include/headers;
add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; object-src 'self'; plugin-types application/pdf;";
include /etc/nginx/zulip-include/uploads.types;
alias /home/zulip/uploads/files;