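# Response headers for every location below. nginx only inherits add_header
# from this level when a location declares no add_header of its own, so a
# location that later adds a header must repeat both of these.
# 'always' attaches the headers to error responses too (the 403/404 returned
# below); without it nginx adds them only to 2xx/3xx responses.
add_header X-Frame-Options 'SAMEORIGIN' always;
# default-src 'none' denies every resource type not listed explicitly.
# script-src-attr with 'unsafe-hashes' permits only the inline event-handler
# attribute whose SHA-256 matches; any change to that handler needs a new hash.
# frame-ancestors 'self' is the CSP counterpart of X-Frame-Options above.
add_header 'Content-Security-Policy' "default-src 'none'; frame-src 'self'; style-src 'self'; img-src 'self'; script-src 'self'; script-src-attr 'unsafe-hashes' 'sha256-zJLaKD58+Visbr6gP9zwWCEzeRWj+Qh/gZy0x1nAPoY='; frame-ancestors 'self'; base-uri 'none'; form-action 'none';" always;

# Front page. SCRIPT_FILENAME is a fixed path in every FastCGI location here,
# so the request URI never selects which script fcgiwrap executes.
# $cgi_root, $network_host and $network_interface are set outside this excerpt.
location = / {
    include fastcgi_params;
    fastcgi_cache libot_cache;
    fastcgi_param WEBSITE_ROOT $cgi_root;
    fastcgi_param NETWORK_HOST $network_host;
    fastcgi_param NETWORK_INTERFACE $network_interface;
    fastcgi_param SCRIPT_FILENAME $cgi_root/route/index;
    fastcgi_pass unix:/run/fcgiwrap.socket;
}

# Draft view: same script as the front page, with UNPUBLISHED set to 'true'.
# There is no fastcgi_cache directive in this location, unlike "location = /".
location /unpublished {
    # The allow/deny pair is evaluated against the client address nginx sees.
    # NOTE(review): if a proxy or the realip module sits in front, confirm the
    # address checked here is the one intended.
    allow 192.168.1.1; # no snooping
    deny all;
    include fastcgi_params;
    fastcgi_param WEBSITE_ROOT $cgi_root;
    fastcgi_param NETWORK_HOST $network_host;
    fastcgi_param NETWORK_INTERFACE $network_interface;
    fastcgi_param UNPUBLISHED 'true';
    fastcgi_param SCRIPT_FILENAME $cgi_root/route/index;
    fastcgi_pass unix:/run/fcgiwrap.socket;
}

# Sidebar fragment, served through libot_cache like the front page.
location /sidebar {
    include fastcgi_params;
    fastcgi_cache libot_cache;
    fastcgi_param WEBSITE_ROOT $cgi_root;
    fastcgi_param NETWORK_HOST $network_host;
    fastcgi_param NETWORK_INTERFACE $network_interface;
    fastcgi_param SCRIPT_FILENAME $cgi_root/route/sidebar;
    fastcgi_pass unix:/run/fcgiwrap.socket;
}

# Static assets: served straight from disk, 404 when the file is missing.
# NOTE(review): in nginx time units "1m" is one minute ("1M" is one month);
# confirm which was intended for images.
location /img/ {
    expires 1m;
    try_files $uri =404;
}

location = /styles.css {
    expires 1d;
    try_files $uri =404;
}

location = /scripts.js {
    expires 1d;
    try_files $uri =404;
}

# Regex match on any URI starting with /get; no fastcgi_cache directive here.
location ~ ^/get {
    # User-Agent is supplied by the client, so this only turns away crawlers
    # that identify themselves; it is not an access control.
    if ($http_user_agent ~ "Discordbot") {
        # to prevent the link embedding
        return 403;
    }
    include fastcgi_params;
    fastcgi_param WEBSITE_ROOT $cgi_root;
    fastcgi_param NETWORK_HOST $network_host;
    fastcgi_param NETWORK_INTERFACE $network_interface;
    fastcgi_param SCRIPT_FILENAME $cgi_root/route/get;
    fastcgi_pass unix:/run/fcgiwrap.socket;
}

# Refuse any URI containing "/.ht" (.htaccess, .htpasswd and similar).
# Regex locations are tried in file order, so a URI starting with /get is
# handled by the block above before this one is considered.
location ~ /\.ht {
    deny all;
}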