fix: nginx config

Author: Tardo

templates/nginx.conf.template

@@ -1,5 +1,3 @@
-user privoxy;
-
 worker_processes  auto;
 
 events {
@@ -36,10 +34,6 @@ http {
     # HSTS (ngx_http_headers_module is required) (63072000 seconds)
     add_header Strict-Transport-Security "max-age=63072000" always;
 
-    # comply with Content Security policy
-    add_header Content-Type "text/css";
-    add_header X-Content-Type-Options nosniff;
-
     #root = --webDir parameter value
     root /usr/local/etc/adblock2privoxy/css;
 
@@ -59,19 +53,25 @@ http {
     }
 
     location ~ ^/+(ab2p(?:\.common)?\.css) {
-        # ab2p.css in top-level directory
-        try_files $uri $1;
+      # ab2p.css in top-level directory
+      default_type text/css;
+      add_header X-Content-Type-Options nosniff;
+      try_files $uri $1;
     }
 
     location ~ ^/[^/.]+\..+/ab2p\.css$ {
-        # first reverse domain names order
-    rewrite ^/([^/]*?)\.([^/.]+)(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?/ab2p.css$ /$9/$8/$7/$6/$5/$4/$3/$2/$1/ab2p.css last;
+      # first reverse domain names order
+      default_type text/css;
+      add_header X-Content-Type-Options nosniff;
+      rewrite ^/([^/]*?)\.([^/.]+)(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?(?:\.([^/.]+))?/ab2p.css$ /$9/$8/$7/$6/$5/$4/$3/$2/$1/ab2p.css last;
     }
 
     location ~ (^.*/+)[^/]+/+ab2p\.css {
-        # then try to get CSS for current domain
-        # if it is unavailable - get CSS for parent domain
-        try_files $uri $1ab2p.css;
+      # then try to get CSS for current domain
+      # if it is unavailable - get CSS for parent domain
+      default_type text/css;
+      add_header X-Content-Type-Options nosniff;
+      try_files $uri $1ab2p.css;
     }
   }
 }

tests/test_privoxy.py

@@ -47,16 +47,37 @@ def test_https_no_adblock_filters(self):
         except ConnectionError:
             pass  # 99% blocked by external software
 
+    def test_http_adblock_blackhole(self, docker_privoxy, make_request, env_info):
+        resp = requests.get(f"http://{env_info['ip']}/@blackhole")
+        assert resp.status_code == 200
+        mime_type = resp.headers.get("Content-Type")
+        assert mime_type == "text/html"
+        assert "adblock2privoxy" in resp.text
+
+    def test_https_adblock_blackhole(self, docker_privoxy, make_request, env_info):
+        resp = requests.get(
+            f"https://{env_info['ip']}/@blackhole",
+            verify="./tests/privoxy-ca-bundle.crt",
+        )
+        assert resp.status_code == 200
+        mime_type = resp.headers.get("Content-Type")
+        assert mime_type == "text/html"
+        assert "adblock2privoxy" in resp.text
+
     def test_http_adblock_css_filters(self, docker_privoxy, make_request, env_info):
         resp = requests.get(f"http://{env_info['ip']}/ab2p.common.css")
         assert resp.status_code == 200
+        mime_type = resp.headers.get("Content-Type")
+        assert mime_type == "text/css"
 
     def test_https_adblock_css_filters(self, docker_privoxy, make_request, env_info):
         resp = requests.get(
             f"https://{env_info['ip']}/ab2p.common.css",
             verify="./tests/privoxy-ca-bundle.crt",
         )
         assert resp.status_code == 200
+        mime_type = resp.headers.get("Content-Type")
+        assert mime_type == "text/css"
 
     def test_http_privman_blocklist(self, docker_privoxy, make_request, exec_privman):
         resp = exec_privman(docker_privoxy, "--add-blocklist", ".google.")