Kinou/portfolio-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
portfolio-website/public/.htaccess
kinou-p fc5bd0fa6d fix nginx
2025-10-02 19:05:03 +02:00

86 lines
3.4 KiB
ApacheConf
Raw Permalink Blame History

# Apache Configuration for Security Headers
<IfModule mod_headers.c>
# Content Security Policy (CSP) - Protection contre XSS
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
# HTTP Strict Transport Security (HSTS)
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
# Cross-Origin-Opener-Policy (COOP)
Header always set Cross-Origin-Opener-Policy "same-origin"
# Cross-Origin-Resource-Policy (CORP)
Header always set Cross-Origin-Resource-Policy "same-origin"
# Cross-Origin-Embedder-Policy (COEP)
Header always set Cross-Origin-Embedder-Policy "require-corp"
# Protection contre le clickjacking
Header always set X-Frame-Options "DENY"
# Protection contre le MIME type sniffing
Header always set X-Content-Type-Options "nosniff"
# Protection XSS (legacy)
Header always set X-XSS-Protection "1; mode=block"
# Referrer Policy
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Permissions Policy
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), accelerometer=()"
</IfModule>
# Redirection HTTPS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
# SPA Fallback - Toutes les routes vers index.html
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
# Cache Control pour les assets statiques
<IfModule mod_expires.c>
ExpiresActive On
# Images
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
# CSS et JavaScript
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"
# Fonts
ExpiresByType font/woff "access plus 1 year"
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/font-woff2 "access plus 1 year"
# HTML (no cache)
ExpiresByType text/html "access plus 0 seconds"
</IfModule>
# Compression Gzip
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json application/xml application/rss+xml application/atom+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml
</IfModule>
Reference in New Issue View Git Blame Copy Permalink