diff --git a/angie/conf/brotli/types.conf.j2 b/angie/conf/brotli/types.conf.j2 index d719410..38b2321 100644 --- a/angie/conf/brotli/types.conf.j2 +++ b/angie/conf/brotli/types.conf.j2 @@ -3,7 +3,7 @@ {%- if mime_types -%} brotli_types {%- for t in mime_types %} - {{ t }} + {{ t | ngx_esc }} {%- endfor %} ; {%- endif -%} \ No newline at end of file diff --git a/angie/conf/gzip/types.conf.j2 b/angie/conf/gzip/types.conf.j2 index 6dc5194..afaac96 100644 --- a/angie/conf/gzip/types.conf.j2 +++ b/angie/conf/gzip/types.conf.j2 @@ -3,7 +3,7 @@ {%- if mime_types -%} gzip_types {%- for t in mime_types %} - {{ t }} + {{ t | ngx_esc }} {%- endfor %} ; {%- endif -%} \ No newline at end of file diff --git a/angie/conf/http-ssl.conf.j2 b/angie/conf/http-ssl.conf.j2 index 9c24ee4..996d674 100644 --- a/angie/conf/http-ssl.conf.j2 +++ b/angie/conf/http-ssl.conf.j2 @@ -4,7 +4,7 @@ include conf/ssl/*.conf; ssl_buffer_size 4k; {%- if env.NGX_HTTP_SSL_PROFILE %} -include snip/ssl-{{ env.NGX_HTTP_SSL_PROFILE }}; +include {{ "snip/ssl-{}".format(env.NGX_HTTP_SSL_PROFILE) | ngx_esc }}; {%- endif %} {%- if j2cfg.tls.stapling.enable %} diff --git a/angie/conf/mail-ssl.conf.j2 b/angie/conf/mail-ssl.conf.j2 index 803cc1f..81b3c90 100644 --- a/angie/conf/mail-ssl.conf.j2 +++ b/angie/conf/mail-ssl.conf.j2 @@ -1,5 +1,5 @@ include conf/ssl/*.conf; {%- if env.NGX_MAIL_SSL_PROFILE %} -include snip/ssl-{{ env.NGX_MAIL_SSL_PROFILE }}; +include {{ "snip/ssl-{}".format(env.NGX_MAIL_SSL_PROFILE) | ngx_esc }}; {%- endif %} diff --git a/angie/conf/stream-ssl.conf.j2 b/angie/conf/stream-ssl.conf.j2 index 5c3d156..ab0c317 100644 --- a/angie/conf/stream-ssl.conf.j2 +++ b/angie/conf/stream-ssl.conf.j2 @@ -1,5 +1,5 @@ include conf/ssl/*.conf; {%- if env.NGX_STREAM_SSL_PROFILE %} -include snip/ssl-{{ env.NGX_STREAM_SSL_PROFILE }}; +include {{ "snip/ssl-{}".format(env.NGX_STREAM_SSL_PROFILE) | ngx_esc }}; {%- endif %} diff --git a/angie/conf/zstd/types.conf.j2 b/angie/conf/zstd/types.conf.j2 index 924c58a..4237761 100644 --- a/angie/conf/zstd/types.conf.j2 +++ b/angie/conf/zstd/types.conf.j2 @@ -3,7 +3,7 @@ {%- if mime_types -%} zstd_types {%- for t in mime_types %} - {{ t }} + {{ t | ngx_esc }} {%- endfor %} ; {%- endif -%} \ No newline at end of file diff --git a/angie/snip/fastcgi-response-headers.j2 b/angie/snip/fastcgi-response-headers.j2 index bf35af6..530c414 100644 --- a/angie/snip/fastcgi-response-headers.j2 +++ b/angie/snip/fastcgi-response-headers.j2 @@ -3,5 +3,5 @@ {%- set resp_hdr_dict = j2cfg.response_headers or {} -%} {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%} {%- for h in resp_hdr_list %} -fastcgi_hide_header {{ h }}; +fastcgi_hide_header {{ h | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/grpc-request-headers.j2 b/angie/snip/grpc-request-headers.j2 index b4f3eb8..866f32a 100644 --- a/angie/snip/grpc-request-headers.j2 +++ b/angie/snip/grpc-request-headers.j2 @@ -2,5 +2,5 @@ ## set/remove request headers {%- set req_hdr_dict = j2cfg.request_headers or {} -%} {%- for h, v in req_hdr_dict|dictsort %} -grpc_set_header {{ h }} {{ v | ngx_esc }}; +grpc_set_header {{ h | ngx_esc }} {{ v | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/grpc-response-headers.j2 b/angie/snip/grpc-response-headers.j2 index f3717a2..7a90576 100644 --- a/angie/snip/grpc-response-headers.j2 +++ b/angie/snip/grpc-response-headers.j2 @@ -3,5 +3,5 @@ {%- set resp_hdr_dict = j2cfg.response_headers or {} -%} {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%} {%- for h in resp_hdr_list %} -grpc_hide_header {{ h }}; +grpc_hide_header {{ h | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/http-response-headers.j2 b/angie/snip/http-response-headers.j2 index 541b42a..8924cbd 100644 --- a/angie/snip/http-response-headers.j2 +++ b/angie/snip/http-response-headers.j2 @@ -2,5 +2,5 @@ ## add response headers {%- set resp_hdr_dict = j2cfg.response_headers or {} -%} {%- for h, v in resp_hdr_dict|dictsort %} -add_header {{ h }} {{ v | ngx_esc }}; +add_header {{ h | ngx_esc }} {{ v | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/proxy-request-headers.j2 b/angie/snip/proxy-request-headers.j2 index 0fbca28..ce02e06 100644 --- a/angie/snip/proxy-request-headers.j2 +++ b/angie/snip/proxy-request-headers.j2 @@ -2,5 +2,5 @@ ## set/remove request headers {%- set req_hdr_dict = j2cfg.request_headers or {} -%} {%- for h, v in req_hdr_dict|dictsort %} -proxy_set_header {{ h }} {{ v | ngx_esc }}; +proxy_set_header {{ h | ngx_esc }} {{ v | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/proxy-response-headers.j2 b/angie/snip/proxy-response-headers.j2 index 93d0caa..9343265 100644 --- a/angie/snip/proxy-response-headers.j2 +++ b/angie/snip/proxy-response-headers.j2 @@ -3,5 +3,5 @@ {%- set resp_hdr_dict = j2cfg.response_headers or {} -%} {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%} {%- for h in resp_hdr_list %} -proxy_hide_header {{ h }}; +proxy_hide_header {{ h | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/scgi-response-headers.j2 b/angie/snip/scgi-response-headers.j2 index bbb0a31..35c0590 100644 --- a/angie/snip/scgi-response-headers.j2 +++ b/angie/snip/scgi-response-headers.j2 @@ -3,5 +3,5 @@ {%- set resp_hdr_dict = j2cfg.response_headers or {} -%} {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%} {%- for h in resp_hdr_list %} -scgi_hide_header {{ h }}; +scgi_hide_header {{ h | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/angie/snip/ssl-profile.j2inc b/angie/snip/ssl-profile.j2inc index c96e98a..dede1ec 100644 --- a/angie/snip/ssl-profile.j2inc +++ b/angie/snip/ssl-profile.j2inc @@ -1,28 +1,28 @@ {%- if ssl_profile.protocols %} -ssl_protocols {{ ssl_profile.protocols }}; +ssl_protocols {{ ssl_profile.protocols | ngx_esc }}; {%- endif %} {%- if ssl_profile.prefer_server_ciphers %} -ssl_prefer_server_ciphers {{ ssl_profile.prefer_server_ciphers }}; +ssl_prefer_server_ciphers {{ ssl_profile.prefer_server_ciphers | ngx_esc }}; {%- endif %} {%- if ssl_profile.ciphers %} -ssl_ciphers {{ ssl_profile.ciphers }}; +ssl_ciphers {{ ssl_profile.ciphers | ngx_esc }}; {%- endif %} {%- if ssl_profile.dhparam %} -ssl_dhparam {{ ssl_profile.dhparam }}; +ssl_dhparam {{ ssl_profile.dhparam | ngx_esc }}; {%- endif %} {%- if ssl_profile.ecdh_curve %} -ssl_ecdh_curve {{ ssl_profile.ecdh_curve }}; +ssl_ecdh_curve {{ ssl_profile.ecdh_curve | ngx_esc }}; {%- endif %} {%- if ssl_profile.session_cache %} -ssl_session_cache {{ ssl_profile.session_cache }}; +ssl_session_cache {{ ssl_profile.session_cache | ngx_esc }}; {%- endif %} {%- if ssl_profile.session_timeout %} -ssl_session_timeout {{ ssl_profile.session_timeout }}; +ssl_session_timeout {{ ssl_profile.session_timeout | ngx_esc }}; {%- endif %} {%- if ssl_profile.session_tickets %} -ssl_session_tickets {{ ssl_profile.session_tickets }}; +ssl_session_tickets {{ ssl_profile.session_tickets | ngx_esc }}; {%- endif %} {%- if ssl_profile.session_ticket_key %} -ssl_session_ticket_key {{ ssl_profile.session_ticket_key }}; +ssl_session_ticket_key {{ ssl_profile.session_ticket_key | ngx_esc }}; {%- endif %} diff --git a/angie/snip/uwsgi-response-headers.j2 b/angie/snip/uwsgi-response-headers.j2 index 85832b4..0a3b999 100644 --- a/angie/snip/uwsgi-response-headers.j2 +++ b/angie/snip/uwsgi-response-headers.j2 @@ -3,5 +3,5 @@ {%- set resp_hdr_dict = j2cfg.response_headers or {} -%} {%- set resp_hdr_list = resp_hdr_dict | dict_keys -%} {%- for h in resp_hdr_list %} -uwsgi_hide_header {{ h }}; +uwsgi_hide_header {{ h | ngx_esc }}; {%- endfor %} \ No newline at end of file diff --git a/doc/examples/config-template/README.md b/doc/examples/config-template/README.md index 0add8ce..a864fb7 100644 --- a/doc/examples/config-template/README.md +++ b/doc/examples/config-template/README.md @@ -3,12 +3,12 @@ configuration: ```nginx -{%- import 'snip/cache.j2mod' as ngx_cache -%} +{%- import 'snip/cache.j2mod' as _cache -%} {%- set my_caches = (j2cfg.my_caches or []) -%} {%- for h in my_caches %} -{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }} +{{ _cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }} {%- endfor %} server { diff --git a/doc/examples/config-template/conf/site/http-my-cache.conf.j2 b/doc/examples/config-template/conf/site/http-my-cache.conf.j2 index 21c5687..34e94a3 100644 --- a/doc/examples/config-template/conf/site/http-my-cache.conf.j2 +++ b/doc/examples/config-template/conf/site/http-my-cache.conf.j2 @@ -1,4 +1,4 @@ -{%- import 'snip/cache.j2mod' as ngx_cache -%} +{%- import 'snip/cache.j2mod' as _cache -%} {%- set my_caches = (j2cfg.my_caches or []) -%} map $uri @@ -34,7 +34,7 @@ proxy_cache_use_stale error timeout invalid_header updating http_429 ht proxy_cache_revalidate on; {%- for h in my_caches %} -{{ ngx_cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }} +{{ _cache.proxy_cache_path(h.name, size='10m', levels='1:2', inactive=h.max_time) }} {%- endfor %} server {