Open x.scambi.org to external access and set cache policy

[xplosionmind]

No description provided.

[moka-co]

Could you elaborate more on “Open x.scambi.org to external access” please ?
x.scambi.org contains personal data, so my suggestion would be to set cache policy to private

https://howtogeek.com/devops/how-to-configure-cache-control-headers-in-nginx

[xplosionmind]

x.scambi.org contains personal data, so my suggestion would be to set cache policy to private

As already discussed several times privately, in x.scambi.org the only “sensitive” information are members' profile pictures, which will be displayed on the main website (scambi.org/chi-siamo) as soon as I will find the time to code it.

Each member of our association signed a privacy document that gives us rights to display their profile picture.

In any case, if someone does not want their profile picture to be displayed, even if we are legally entitled to show it, we can remove it.

Note

The cache policy I intended is about cache duration time, not its privacy. Still, also the privacy level should be reduced so that, for example, we can load fonts stored in x.scambi.org on pan.rent. This is not possible right now.

[moka-co]

Ok, after the latest commit, i believe it should be possible to load fonts stored in x.scambi.org from another domain, since the directive:
Access-Control-Allow-Origin is set to "*" i.e any origin.

If that doesn't work, i need more details, like a code error and how you're trying to load the fonts.

About cache duration time, right now is set ( max-age= ) to "300" (5 minutes), if you think that's not enough tell me what would be an appropriate value.

[xplosionmind]

Thanks a lot @MOKASSINO! For max-age I would put 30 days