-
Notifications
You must be signed in to change notification settings - Fork 0
/
htaccess.html
187 lines (167 loc) · 8.02 KB
/
htaccess.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
---
title: .htaccess
permalink: .htaccess
---
{%- capture include_to_scssify -%}
{%- include style/_layout.scss -%}
{%- include style/_nav.scss -%}
{%- endcapture -%}
{%- assign headCssSha = include_to_scssify | scssify | strip | sha256 -%}
{%- assign cspDefault = "default-src 'none'" -%}
{%- assign cspScript = "script-src 'self' https://unpkg.com" -%}
{%- assign cspStyle = "style-src 'self' 'sha256-+7TbgfG3AwuCE7gGrPQfmMZXB3vcSikbpmiAABFjeuo='" -%}
{%- assign cspImg = "img-src 'self' *.staticflickr.com *.flickr.com www.paypalobjects.com data:" -%}
{%- assign cspConnect = "connect-src 'self'" -%}
{%- assign cspFrame = "frame-src *.youtube.com" -%}
{%- assign cspAncestors = "frame-ancestors 'none'" -%}
{%- assign cspObjectSrc = "object-src 'none'" -%}
{%- assign cspBaseUri = "base-uri 'self'" -%}
{%- assign cspFormAction = "form-action 'self' https://www.paypal.com" -%}
{%- assign cspManifestSrc = "manifest-src 'self'" -%}
{%- assign cspFontSrc = "font-src 'none'" -%}
{%- assign cspUpgradeInsecureRequests = "upgrade-insecure-requests" -%}
{%- assign cspTrustedTypes = "require-trusted-types-for 'script'" -%}
<IfModule mod_ssl.c>
SSLOptions +StrictRequire +StdEnvVars -OptRenegotiate
</IfModule>
<IfModule mod_headers.c>
{% if jekyll.environment == 'production' -%}
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
{%- endif %}
Header unset ETag
# It won't work but dammit, I'm gonna say it anyway
Header unset Server
Header unset X-Powered-By
Header set X-XSS-Protection: "1; mode=block"
Header set X-Content-Type-Options nosniff
# interest-cohort blocks (the now dead?) google FLoC: https://twitter.com/henshaw/status/1383807527935119363
# browsing-topics blocks google topics
Header set Permissions-Policy: "geolocation=(), camera=(), microphone=(), payment=(), screen-wake-lock=(), interest-cohort=(), browsing-topics=()"
Header set Referer-Policy: "origin"
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: DENY
Header set Cache-Control: "no-transform, immutable, public"
Header set Content-Security-Policy: "{{ cspDefault }}; {{ cspBaseUri }}; {{ cspFormAction }}; {{ cspScript }}; {{ cspImg }}; {{ cspStyle }} 'sha256-{{ headCssSha }}'; {{ cspConnect }}; {{ cspFrame }}; {{ cspAncestors }}; {{ cspObjectSrc }}; {{ cspManifestSrc }}; {{ cspFontSrc }}; {{ cspUpgradeInsecureRequests }}; {{ cspTrustedTypes }};"
Header set Referrer-Policy: "strict-origin-when-cross-origin"
<If "%{HTTP_USER_AGENT} =~ /(MSIE|Edge)s*/i">
Header set X-UA-Compatible: "IE=Edge,chrome=1"
</If>
</IfModule>
FileETag None
IndexIgnore *
DirectoryIndex index.html index.php
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html
AddDefaultCharset utf-8
AddCharset utf-8 .css .js .xml .json .atom
AddType application/javascript js
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
AddType image/x-icon ico
AddType text/cache-manifest appcache manifest
AddType text/x-web-app-manifest+json webapp
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
{% if jekyll.environment == 'production-never' -%}
# php_value upload_max_file_size 2M
# php_value post_max_size 2M
php_flag log_errors on
php_flag display_errors off
php_value error_reporting 32767
{%- endif %}
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
# mod_headers, y u no match by Content-Type?!
<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/cache-manifest "access plus 0 seconds"
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType text/xml "access plus 1 hour"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
<IfModule filter_module>
FilterDeclare COMPRESS
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$text/html'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$text/css'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$text/plain'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$text/xml'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$text/x-component'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/javascript'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/json'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/xml'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/xhtml+xml'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/rss+xml'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/atom+xml'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/vnd.ms-fontobject'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$image/svg+xml'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$image/x-icon'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$application/x-font-ttf'"
FilterProvider COMPRESS DEFLATE "%{Content_Type} = '$font/opentype'"
FilterChain COMPRESS
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# deny access to dot files/directories
RewriteCond %{SCRIPT_FILENAME} -d
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
{% if jekyll.environment == 'production' -%}
# I'm told this is the future...
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
{%- endif %}
# catch avatar requests, always serve svg
RewriteCond %{REQUEST_URI} ^/avatar\.
RewriteRule ^(.*)\.([a-z]{3})? /avatar/index.php?type=svg [L,NC,QSA]
# catch old RSS feed url
RewriteCond %{REQUEST_URI} ^/rss
RewriteRule ^(.*)$ /feed.xml [L,R=301]
RewriteCond %{REQUEST_URI} ^/feed/?$
RewriteRule ^(.*)$ /feed.xml [L,R=301]
# video & tokens
RewriteCond %{REQUEST_URI} ^/video
RewriteRule . - [L,NC,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^token.* /token/index.php [L]
# ensure file extensions
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.+)$ $1\.html [L]
</IfModule>
{% assign cacheKey = site.time | date: '%s' -%}
<FilesMatch "\.html$">
Header set Link "</css/main.css?v={{ cacheKey }}>; rel=preload; as=style, </js/behavior.min.js?v={{ cacheKey }}>; rel=preload; as=script, </assets/big-frog.optimized.svg>; rel=preload; as=image; type=image/svg+xml, </assets/name.optimized.svg>; rel=preload; as=image; type=image/svg+xml"
</FilesMatch>