beenull/forkbb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update .htaccess

Browse source 
Add Permissions-Policy header
This commit is contained in:
Visman 2021-01-14 10:10:36 +07:00
parent 0e09dc7202
commit 1c80626fbd
2 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.dist.htaccess
View file

@ -55,14 +55,15 @@ AddDefaultCharset UTF-8
Header always set X-Content-Type-Options "nosniff" "expr=-z %{resp:X-Content-Type-Options}"
Header always set X-Frame-Options "DENY" "expr=-z %{resp:X-Frame-Options}"
Header always set X-XSS-Protection "1; mode=block" "expr=-z %{resp:X-XSS-Protection}"
Header always set Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),document-domain=(self),fullscreen=(self),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),sync-xhr=(self),usb=()" "expr=-z %{resp:Permissions-Policy}"
# Remove headers containing php information
Header unset X-Powered-By
Header always unset X-Powered-By
</ifModule>
# Hiding information about the system (Probably a ban on changes through .htaccess)
#ServerTokens ProductOnly
#ServerSignature Off
# Hiding information about the system
ServerSignature Off
#ServerTokens ProductOnly # Use only in server config, do not use in .htaccess
# More info: https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess

7
public/.dist.htaccess
View file

@ -55,14 +55,15 @@ AddDefaultCharset UTF-8
Header always set X-Content-Type-Options "nosniff" "expr=-z %{resp:X-Content-Type-Options}"
Header always set X-Frame-Options "DENY" "expr=-z %{resp:X-Frame-Options}"
Header always set X-XSS-Protection "1; mode=block" "expr=-z %{resp:X-XSS-Protection}"
Header always set Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),document-domain=(self),fullscreen=(self),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),sync-xhr=(self),usb=()" "expr=-z %{resp:Permissions-Policy}"
# Remove headers containing php information
Header unset X-Powered-By
Header always unset X-Powered-By
</ifModule>
# Hiding information about the system (Probably a ban on changes through .htaccess)
#ServerTokens ProductOnly
#ServerSignature Off
# Hiding information about the system
ServerSignature Off
#ServerTokens ProductOnly # Use only in server config, do not use in .htaccess
# More info: https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess