Since 355e89ce5, the frontend references resources via root-relative URLs.
This means that `resources` dirs in the language dirs are no longer
accessed and can be removed.
Achieve this by defining a specific `assets` production config that
doesn't include `src/resources`.
As of fd35c8f4a, this shrinks the frontend size by 55% (279M -> 124M).
Also, the nginx location configs now can be simplified.
This patch was generated by replacing:
`proxy_set_header Host $http_host` ->
`proxy_set_header Host $host`
Script:
find . -type f -exec sed -i 's|proxy_set_header Host \$http_host|proxy_set_header Host \$host|g' {} \;
Fixes test error:
```
>> Problem: [host_spoofing] The proxied Host header may be spoofed.
Description: In most cases "$host" variable are more appropriate, just use it.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
```
`proxy_set_header Host $host` is indeed the recommended default proxy header setting.
Fixes test error:
```
>> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
Description: Using variables that can contain "\n" or "\r" may lead to http injection.
```
Summary: `$uri` should never be used in `return` statements.
See: https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
In this case, `$uri` always equals `/`, so just replace it.
Currently we perma-cache everything matching /api/block, but this
is bad because it also matches /api/block-height and /api/blocks/
API endpoints, which shouldn't be perma-cached. Add a trailing slash
to prevent those from getting matched.
