Implement content security policies
phpcs-errors:253 phpunit-status:successful
This commit is contained in:
parent
0385752c6e
commit
1bccab2da2
34
.htaccess
Normal file
34
.htaccess
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
RewriteEngine On # Turn on the rewriting engine
|
||||||
|
|
||||||
|
# Disallow access to the given subfolders
|
||||||
|
RewriteRule ^(\.git|conf|vendor/|composer\.json|composer\.lock|functions) - [F,L,NC]
|
||||||
|
|
||||||
|
# Only allow GET|HEAD|POST
|
||||||
|
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|OPTIONS)
|
||||||
|
RewriteRule .? - [F]
|
||||||
|
|
||||||
|
# RewriteCond %{REQUEST_URI} output=json
|
||||||
|
# RewriteRule ^.*$ - [ENV=LONGCACHE:true]
|
||||||
|
# Header set Access-Control-Allow-Origin "*" env=LONGCACHE
|
||||||
|
# Header set Access-Control-Allow-Methods "GET, OPTIONS" env=LONGCACHE
|
||||||
|
# Header set Access-Control-Allow-Headers "X-PINGOTHER, Content-Type, Accept-Encoding, cache-control" env=LONGCACHE
|
||||||
|
# Header set Access-Control-Max-Age "86400" env=LONGCACHE
|
||||||
|
HEADER set X-Frame-Options DENY env=LONGCACHE
|
||||||
|
|
||||||
|
# RewriteCond %{REQUEST_FILENAME} -f
|
||||||
|
# RewriteRule ^(.+)\.pdf$ /cgi-bin/pdf.php?file=$1 [L,NC,QSA]
|
||||||
|
|
||||||
|
# Disallow execution of the following types of scripts
|
||||||
|
RemoveHandler cgi-script .pl .py .cgi .sh
|
||||||
|
|
||||||
|
## MAIN DEFAULTS
|
||||||
|
Options -Indexes
|
||||||
|
DirectoryIndex index.php
|
||||||
|
|
||||||
|
# Set deailt charset
|
||||||
|
AddDefaultCharset UTF-8
|
||||||
|
|
||||||
|
# Set content and feature security headers
|
||||||
|
Header set Content-Security-Policy "default-src 'self'; connect-src 'self'; script-src 'self' https://*.jrenslin.de; img-src 'self' https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action https://nat.museum-digital.de;"
|
||||||
|
Header set Feature-Policy "midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'self'; gyroscope 'self'; speaker *; payment 'none'; fullscreen 'self'; geolocation 'none';"
|
||||||
|
|
Loading…
Reference in New Issue
Block a user