Merge branch 'master' into master

.examples/docker-compose/insecure/mariadb/apache/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: MariaDB is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/mariadb

.examples/docker-compose/insecure/mariadb/fpm/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: MariaDB is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/mariadb
@@ -45,7 +46,7 @@ services:
       - 127.0.0.1:8080:80
     volumes:
       # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
       # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     depends_on:

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,13 +161,13 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
@@ -176,12 +175,7 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.examples/docker-compose/insecure/postgres/apache/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: PostgreSQL is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/postgres

.examples/docker-compose/insecure/postgres/fpm/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: PostgreSQL is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/postgres
@@ -40,7 +41,7 @@ services:
       - 127.0.0.1:8080:80
     volumes:
       # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
       # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     depends_on:

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,13 +161,13 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
@@ -176,12 +175,7 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: MariaDB is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/mariadb

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: MariaDB is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/mariadb
@@ -44,7 +45,7 @@ services:
     restart: always
     volumes:
       # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
       # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     environment:
@@ -105,7 +106,7 @@ services:
     depends_on:
       - proxy
 
-# self signed, outdated. 
+# self signed, outdated.
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,13 +161,13 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
@@ -176,12 +175,7 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: PostgreSQL is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/postgres

.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml

@@ -1,3 +1,4 @@
+---
 services:
   # Note: PostgreSQL is an external service. You can find more information about the configuration here:
   # https://hub.docker.com/_/postgres

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

@@ -83,7 +83,6 @@ http {
         add_header X-Frame-Options                      "SAMEORIGIN"        always;
         add_header X-Permitted-Cross-Domain-Policies    "none"              always;
         add_header X-Robots-Tag                         "noindex, nofollow" always;
-        add_header X-XSS-Protection                     "1; mode=block"     always;
 
         # Remove X-Powered-By, which is an information leak
         fastcgi_hide_header X-Powered-By;
@@ -162,13 +161,13 @@ http {
             fastcgi_pass php-handler;
 
             fastcgi_intercept_errors on;
-            fastcgi_request_buffering off;
+            fastcgi_request_buffering on;                   # Required as PHP-FPM does not support chunked transfer encoding and requires a valid ContentLength header.
 
             fastcgi_max_temp_file_size 0;
         }
 
         # Serve static files
-        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac|mp4|webm)$ {
             try_files $uri /index.php$request_uri;
             add_header Cache-Control "public, max-age=15778463$asset_immutable";
             add_header Referrer-Policy                   "no-referrer"       always;
@@ -176,12 +175,7 @@ http {
             add_header X-Frame-Options                   "SAMEORIGIN"        always;
             add_header X-Permitted-Cross-Domain-Policies "none"              always;
             add_header X-Robots-Tag                      "noindex, nofollow" always;
-            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
-
-            location ~ \.wasm$ {
-                default_type application/wasm;
-            }
         }
 
         location ~ \.(otf|woff2?)$ {

.github/workflows/images.yml

@@ -1,3 +1,4 @@
+---
 name: Images
 
 on:
@@ -5,7 +6,7 @@ on:
   workflow_run:
     workflows: ["update.sh"]
     branches: [master]
-    types: 
+    types:
       - completed
 
 defaults:

.github/workflows/update-sh.yml

@@ -1,11 +1,12 @@
+---
 name: update.sh
 
 on:
   push:
     branches:
-    - master
+      - master
   schedule:
-  - cron:  '15 18 * * *'
+    - cron: '15 18 * * *'
   workflow_dispatch:
 
 jobs:
@@ -13,17 +14,17 @@ jobs:
     name: Run update.sh script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Run update.sh script
-      run: ./update.sh
-    - name: Commit files
-      run: |
-        git config --local user.email "workflow@github.com"
-        git config --local user.name "GitHub Workflow"
-        git add -A
-        git commit -m "Runs update.sh" || echo "Nothing to update"
-    - name: Push changes
-      uses: ad-m/github-push-action@master
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        force: true
+      - uses: actions/checkout@v4
+      - name: Run update.sh script
+        run: ./update.sh
+      - name: Commit files
+        run: |
+          git config --local user.email "workflow@github.com"
+          git config --local user.name "GitHub Workflow"
+          git add -A
+          git commit -m "Runs update.sh" || echo "Nothing to update"
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          force: true