mirror of
https://github.com/the-djmaze/snappymail.git
synced 2024-11-11 01:23:43 +08:00
260ef6dc9d
On Apache httpd, ./.htaccess sets HSTS if mod_headers is loaded, but though ./v/0.0.0/include.php does the same if envvar "HTTPS" is set, resulting in duplicate and thus invalid HSTS headers. One needs to go.
44 lines
1.6 KiB
ApacheConf
44 lines
1.6 KiB
ApacheConf
<IfModule mod_rewrite.c>
|
|
RewriteEngine On
|
|
# Redirect cPanel
|
|
RewriteRule cpsess.* https://%{HTTP_HOST}/ [L,R=301]
|
|
</IfModule>
|
|
|
|
<IfModule mod_expires.c>
|
|
ExpiresActive On
|
|
ExpiresByType text/css A15768000
|
|
ExpiresByType text/html A15768000
|
|
ExpiresByType application/javascript A15768000
|
|
ExpiresByType image/gif A15768000
|
|
ExpiresByType image/jpeg A15768000
|
|
ExpiresByType image/png A15768000
|
|
ExpiresByType image/svg+xml A15768000
|
|
ExpiresByType image/webp A15768000
|
|
ExpiresByType image/vnd.microsoft.icon A15768000
|
|
ExpiresByType font/woff A15768000
|
|
ExpiresByType font/woff2 A15768000
|
|
</IfModule>
|
|
|
|
<IfModule mod_headers.c>
|
|
# Header set Cache-Control "public, max-age=31536000"
|
|
# Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'"
|
|
# Header set Referrer-Policy "no-referrer"
|
|
# Header set Strict-Transport-Security "max-age=31536000"
|
|
Header set imagetoolbar "no"
|
|
# Header set X-Content-Type-Options "nosniff"
|
|
# Header set X-Frame-Options "DENY"
|
|
# Header set X-XSS-Protection "1; mode=block"
|
|
Header set Service-Worker-Allowed "/"
|
|
|
|
# Google FLoC
|
|
# Header set Permissions-Policy "interest-cohort=()"
|
|
</IfModule>
|
|
|
|
#<IfModule mod_brotli.c>
|
|
# AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript
|
|
#</IfModule>
|
|
|
|
<IfModule mod_deflate.c>
|
|
AddOutputFilterByType DEFLATE text/css text/html text/plain text/xml application/xml text/javascript application/javascript
|
|
AddOutputFilterByType DEFLATE font/opentype font/otf font/ttf font/woff
|
|
</IfModule>
|