.htaccess
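# Keep repository metadata from being served: any request path that starts with
# "/.git" is redirected to the project site (RedirectMatch without an explicit
# status issues a temporary redirect). The dot is escaped so that only a literal
# "." matches; unescaped, the pattern also matched paths such as "/agit".
RedirectMatch "^/\.git" https://curl.dev/

# Response hardening headers for everything served from this directory.
# NOTE(review): "Header set" without the "always" condition works on the
# onsuccess table only, so these headers are not added to error responses or
# ErrorDocument pages. If those should be covered too, use "Header always set"
# here and "Header always unset" in the FilesMatch section below.

# CSP: default-src 'none' denies every resource type that is not listed. There is
# no script-src, so scripts fall back to 'none' and no script may run.
# style-src still allows inline styles ('unsafe-inline'); drop it if all styling
# can live in same-origin stylesheets. block-all-mixed-content is deprecated and
# redundant next to upgrade-insecure-requests.
Header set Content-Security-Policy: "upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; img-src 'self'; style-src 'unsafe-inline' 'self'; form-action 'self'; frame-ancestors 'none'; require-trusted-types-for 'script';"
# Cross-origin isolation: embedded resources must opt in (COEP), the page does
# not share a browsing context group with cross-origin openers (COOP), and other
# origins may not load these responses as subresources (CORP).
Header set Cross-Origin-Embedder-Policy: "require-corp"
Header set Cross-Origin-Opener-Policy: "same-origin"
Header set Cross-Origin-Resource-Policy: "same-origin"
# Every listed browser feature gets an empty allowlist, i.e. it is disabled for
# this origin and for any frame it embeds.
Header set Permissions-Policy: "accelerometer=(), ambient-light-sensor=(), aria-notify=(), autoplay=(), bluetooth=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), language-detector=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), summarizer=(), translator=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
# Send only the origin (no path or query) as referrer, and nothing at all on an
# HTTPS -> HTTP downgrade.
Header set Referrer-Policy: "strict-origin"
# Disable MIME sniffing so a response is only interpreted as its declared type.
Header set X-Content-Type-Options: "nosniff"
# Legacy framing protection; duplicates frame-ancestors 'none' from the CSP for
# browsers that do not honour that directive.
Header set X-Frame-Options: "deny"
# Don't set CSP and CORP on static assets (CSS, images, text files, zip archives,
# mp3) because they are also loaded from other domains. All other headers set
# above still apply to these files.
<FilesMatch ".+\.(css|jpg|png|gif|txt|zip|mp3)$">
Header unset Content-Security-Policy:
Header unset Cross-Origin-Resource-Policy:
</FilesMatch>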