From 80f6d365434cb3adc3cf46692e2c7855fb1f6157 Mon Sep 17 00:00:00 2001
From: Diogo Correia
Date: Mon, 1 Sep 2025 22:30:43 +0100
Subject: [PATCH 1/2] {nixos/,}grocy: add diogotcorreia as maintainer
---
 nixos/modules/services/web-apps/grocy.nix | 2 +-
 nixos/tests/grocy.nix | 5 ++++-
 pkgs/by-name/gr/grocy/package.nix | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/services/web-apps/grocy.nix b/nixos/modules/services/web-apps/grocy.nix
index 23e5844e1761..c0cd4cb67644 100644
--- a/nixos/modules/services/web-apps/grocy.nix
+++ b/nixos/modules/services/web-apps/grocy.nix
@@ -211,7 +211,7 @@ in
 };
 meta = {
- maintainers = with maintainers; [ ];
+ maintainers = with maintainers; [ diogotcorreia ];
 doc = ./grocy.md;
 };
 }
diff --git a/nixos/tests/grocy.nix b/nixos/tests/grocy.nix
index cd675b16de0e..f31c9d6a7c7c 100644
--- a/nixos/tests/grocy.nix
+++ b/nixos/tests/grocy.nix
@@ -2,7 +2,10 @@
 {
 name = "grocy";
 meta = with pkgs.lib.maintainers; {
- maintainers = [ ma27 ];
+ maintainers = [
+ diogotcorreia
+ ma27
+ ];
 };
 nodes.machine =
diff --git a/pkgs/by-name/gr/grocy/package.nix b/pkgs/by-name/gr/grocy/package.nix
index e2647d8a2b31..ee2b76bd91a4 100644
--- a/pkgs/by-name/gr/grocy/package.nix
+++ b/pkgs/by-name/gr/grocy/package.nix
@@ -62,7 +62,7 @@ php.buildComposerProject2 (finalAttrs: {
 meta = with lib; {
 license = licenses.mit;
- maintainers = with maintainers; [ ];
+ maintainers = with maintainers; [ diogotcorreia ];
 description = "ERP beyond your fridge - grocy is a web-based self-hosted groceries & household management solution for your home";
 homepage = "https://grocy.info/";
 };
From c1292555085e63c4f31a6ffd5b43ede66297efe7 Mon Sep 17 00:00:00 2001
From: Diogo Correia
Date: Mon, 1 Sep 2025 22:36:10 +0100
Subject: [PATCH 2/2] nixos/grocy: don't set X-XSS-Protection anymore
Part of #438800. The OWASP recommentation[1] is:
> The X-XSS-Protection header has been deprecated by modern browsers
> and its use can introduce additional security issues on the client
> side. As such, it is recommended to set the header as X-XSS-Protection: 0
> in order to disable the XSS Auditor, and not allow it to take the default
> behavior of the browser handling the response. Please use
> Content-Security-Policy instead.
[1] https://owasp.org/www-project-secure-headers/#x-xss-protection
---
 nixos/modules/services/web-apps/grocy.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/nixos/modules/services/web-apps/grocy.nix b/nixos/modules/services/web-apps/grocy.nix
index c0cd4cb67644..ce5be95ce6f3 100644
--- a/nixos/modules/services/web-apps/grocy.nix
+++ b/nixos/modules/services/web-apps/grocy.nix
@@ -191,7 +191,6 @@ in
 locations."~ \\.(js|css|ttf|woff2?|png|jpe?g|svg)$".extraConfig = ''
 add_header Cache-Control "public, max-age=15778463";
 add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
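Review bot: In the static-asset `extraConfig` block the header is dropped outright, while the OWASP text quoted in the commit message recommends sending `X-XSS-Protection: 0` so that a browser which still ships an XSS filter does not fall back to its default behaviour; if that is the intent, the line would become `add_header X-XSS-Protection "0";` rather than disappear. The visible lines also set no Content-Security-Policy, which the same quote names as the replacement. Because nginx stops inheriting `add_header` from outer levels once a location declares its own, a policy set at server level would not reach these responses and would have to be repeated here. Whether a CSP is configured elsewhere in the module cannot be seen from this hunk, since the `extraConfig` string and the attribute set around it start and end outside it.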