standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-06 23:00:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add CSP policy in Apache config, and explicitly disable caching of PHP fiels

Browse source
This commit is contained in:
Alex Cabal 2020-08-31 10:58:39 -05:00
parent a32711acc3
commit d649df75f0
2 changed files with 6 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

12
config/apache/standardebooks.org.conf
View file

@ -66,14 +66,7 @@ Define domain standardebooks.org
SSLCertificateFile /etc/letsencrypt/live/${domain}/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/${domain}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${domain}/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/${domain}/privkey.pem
Header always set Strict-Transport-Security "max-age=15768000" Header always set Strict-Transport-Security "max-age=15768000"
Header set Content-Security-Policy "default-src 'self';"
# CSP still causes a lot of problems with Firefox (can't use inline CSS debugger, etc.) so disable for now.
# Header set Content-Security-Policy "default-src 'self';"
# # Below is required to fix a Firefox bug with CSP and SVG images; see https://pokeinthe.io/2016/04/09/black-icons-with-svg-and-csp/
# <FilesMatch "\.svg$">
# Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
# </FilesMatch>
# Log downloads # Log downloads
SetEnvIf Request_URI "\.epub$" logdownload SetEnvIf Request_URI "\.epub$" logdownload
@ -132,7 +125,8 @@ Define domain standardebooks.org
# Forward all PHP requests to the php-fpm pool for this domain. # Forward all PHP requests to the php-fpm pool for this domain.
<FilesMatch \.php$> <FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}" SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}"
Header set Cache-Control "no-store"
</FilesMatch> </FilesMatch>
# Set some proxy properties. # Set some proxy properties.

12
config/apache/standardebooks.test.conf
View file

@ -65,14 +65,7 @@ Define domain standardebooks.test
SSLCertificateFile /standardebooks.org/web/config/ssl/${domain}.crt SSLCertificateFile /standardebooks.org/web/config/ssl/${domain}.crt
SSLCertificateKeyFile /standardebooks.org/web/config/ssl/${domain}.key SSLCertificateKeyFile /standardebooks.org/web/config/ssl/${domain}.key
Header always set Strict-Transport-Security "max-age=15768000" Header always set Strict-Transport-Security "max-age=15768000"
Header set Content-Security-Policy "default-src 'self';"
# CSP still causes a lot of problems with Firefox (can't use inline CSS debugger, etc.) so disable for now.
# Header set Content-Security-Policy "default-src 'self';"
# # Below is required to fix a Firefox bug with CSP and SVG images; see https://pokeinthe.io/2016/04/09/black-icons-with-svg-and-csp/
# <FilesMatch "\.svg$">
# Header set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"
# </FilesMatch>
# Log downloads # Log downloads
SetEnvIf Request_URI "\.epub$" logdownload SetEnvIf Request_URI "\.epub$" logdownload
@ -131,7 +124,8 @@ Define domain standardebooks.test
# Forward all PHP requests to the php-fpm pool for this domain. # Forward all PHP requests to the php-fpm pool for this domain.
<FilesMatch \.php$> <FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}" SetHandler "proxy:unix:/run/php/${domain}.sock|fcgi://${domain}"
Header set Cache-Control "no-store"
</FilesMatch> </FilesMatch>
# Set some proxy properties. # Set some proxy properties.