# angular builds to index.html
index index.html;

# tor onion redirect
add_header Onion-Location http://$onion.onion$request_uri;

# HSTS preload enable
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

# generate frame configuration from origin header
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";

# used for iframes on https://mempool.space/network
if ($http_referer ~ ^https://mempool.space/)
{
	set $frameOptions "ALLOW-FROM https://mempool.space";
	set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
# used for iframes on https://mempool.ninja/network
if ($http_referer ~ ^https://mempool.ninja/)
{
	set $frameOptions "ALLOW-FROM https://mempool.ninja";
	set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
# used for iframes on https://wiz.biz/bitcoin/nodes
if ($http_referer ~ ^https://wiz.biz/)
{
	set $frameOptions "ALLOW-FROM https://wiz.biz";
	set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}

# restrict usage of frames
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;

# enable browser and proxy caching
add_header Pragma "public";
add_header Cache-Control "public";

# vary cache if user changes language preference
add_header Vary Accept-Language;
add_header Vary Cookie;

# see order of nginx location rules
# https://stackoverflow.com/questions/5238377/nginx-location-priority

# for exact / requests, redirect based on $lang
# cache redirect for 10 minutes
location = / {
	if ($lang != '') {
		return 302 $scheme://$host/$lang$uri;
	}
	try_files /en-US/index.html =404;
	expires 10m;
}

# used to rewrite resources from /<lang>/ to /en-US/
# cache /resources/** for 1 week since they don't change often
location ~ ^/[a-z][a-z]/resources/(.*) {
	try_files $uri /en-US/resources/$1 =404;
        expires 1w;
}
# cache /<lang>/main.f40e91d908a068a2.js forever since they never change
location ~ ^/([a-z][a-z])/(.+\..+\.(js|css)) {
	try_files $uri =404;
	expires 1y;
}
# cache everything else for 10 minutes
location ~ ^/([a-z][a-z])$ {
	try_files $uri /$1/index.html /en-US/index.html =404;
        expires 10m;
}
location ~ ^/([a-z][a-z])/ {
	try_files $uri /$1/index.html /en-US/index.html =404;
        expires 10m;
}

# cache /resources/** for 1 week since they don't change often
location /resources {
	try_files $uri /en-US/$uri /en-US/index.html;
	expires 1w;
}
# cache /main.f40e91d908a068a2.js forever since they never change
location ~* ^/.+\..+\.(js|css) {
	try_files /$lang/$uri /en-US/$uri =404;
	expires 1y;
}
# catch-all for all URLs i.e. /address/foo /tx/foo /block/000
# cache 10 minutes since they change frequently
location / {
	try_files /$lang/$uri $uri /en-US/$uri /en-US/index.html =404;
	expires 10m;
}