post upgrade for v1.3.4 and angular fix

v1.3.4/home/pi/HoneyPi/overlays/lighttpd.conf

@@ -0,0 +1,70 @@
+server.modules = (
+	"mod_indexfile",
+	"mod_access",
+	"mod_alias",
+    "mod_redirect",
+    "mod_setenv"
+)
+
+server.document-root        = "/var/www/html"
+server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "www-data"
+server.groupname            = "www-data"
+server.port                 = 80
+
+# strict parsing and normalization of URL for consistency and security
+# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
+# (might need to explicitly set "url-path-2f-decode" = "disable"
+#  if a specific application is encoding URLs inside url-path)
+server.http-parseopts = (
+  "header-strict"           => "enable",# default
+  "host-strict"             => "enable",# default
+  "host-normalize"          => "enable",# default
+  "url-normalize-unreserved"=> "enable",# recommended highly
+  "url-normalize-required"  => "enable",# recommended
+  "url-ctrls-reject"        => "enable",# recommended
+  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
+ #"url-path-2f-reject"      => "enable",
+  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
+ #"url-path-dotseg-reject"  => "enable",
+ #"url-query-20-plus"       => "enable",# consistency in query string
+)
+
+index-file.names            = ( "index.php", "index.html" )
+url.access-deny             = ( "~", ".inc" )
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+compress.cache-dir          = "/var/cache/lighttpd/compress/"
+compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
+
+# default listening port for IPv6 falls back to the IPv4 port
+include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
+include_shell "/usr/share/lighttpd/create-mime.conf.pl"
+include "/etc/lighttpd/conf-enabled/*.conf"
+
+#server.compat-module-load   = "disable"
+server.modules += (
+	"mod_compress",
+	"mod_dirlisting",
+	"mod_staticfile",
+)
+
+# custom HoneyPi config:
+
+# redirect to angular single page app
+server.error-handler-404 = "/index.html"
+
+# add security response headers
+setenv.add-response-header += (
+    "Content-Security-Policy" => "default-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';font-src 'self';img-src 'self' data:;connect-src 'self'",
+    "X-Frame-Options" => "SAMEORIGIN",
+    "X-Content-Type-Options" => "nosniff",
+    "X-XSS-Protection" => "1; mode=block",
+    "Referrer-Policy" => "origin",
+    "Feature-Policy" => "camera 'none'; microphone 'none'; geolocation 'none'; payment 'none'",
+    "Cache-Control" => "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
+)
+
+server.tag = "HoneyPi"

v1.3.3/post-upgrade.sh → v1.3.4/post-upgrade.sh

@@ -12,7 +12,7 @@ if [ "$(id -u)" != 0 ]; then
     exit 1
 fi
 
-VERSION="v1.3.3"
+VERSION="v1.3.4"
 
 echo '>>> Running post-upgrade script...'
 
@@ -69,5 +69,14 @@ else
    cp /home/pi/HoneyPi/rpi-scripts/$VERSION/home/pi/HoneyPi/overlays/hostapd.conf.tmpl /etc/hostapd/hostapd.conf.tmpl
 fi
 
+# changes after v1.3.4
+if cmp -s /etc/lighttpd/lighttpd.conf /home/pi/HoneyPi/rpi-scripts/$VERSION/home/pi/HoneyPi/overlays/lighttpd.conf
+then
+   echo "The lighttpd.conf default conf file is already the correct file..."
+else
+   echo "The lighttpd.conf default conf file is different..."
+   cp /home/pi/HoneyPi/rpi-scripts/$VERSION/home/pi/HoneyPi/overlays/lighttpd.conf /etc/lighttpd/lighttpd.conf
+fi
+
 
 echo "postupdatefinished 1" >> /var/www/html/version.txt