79 lines
2.4 KiB
ApacheConf
79 lines
2.4 KiB
ApacheConf
Options -indexes
|
|
|
|
Header always set Content-Security-Policy "default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; \
|
|
font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; \
|
|
form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'; \
|
|
report-uri https://danielmicay.report-uri.com/r/d/csp/enforce"
|
|
|
|
Header always set Feature-Policy "accelerometer 'none'; \
|
|
ambient-light-sensor 'none'; \
|
|
autoplay 'none'; \
|
|
battery 'none'; \
|
|
camera 'none'; \
|
|
display-capture 'none'; \
|
|
document-domain 'none'; \
|
|
encrypted-media 'none'; \
|
|
fullscreen 'none'; \
|
|
geolocation 'none'; \
|
|
gyroscope 'none'; \
|
|
magnetometer 'none'; \
|
|
microphone 'none'; \
|
|
midi 'none'; \
|
|
payment 'none'; \
|
|
picture-in-picture 'none'; \
|
|
speaker 'none'; \
|
|
sync-xhr 'none'; \
|
|
usb 'none'; \
|
|
wake-lock 'none'; \
|
|
xr-spatial-tracking 'none'"
|
|
|
|
<FilesMatch "\.(html|txt|webmanifest|xml)$">
|
|
Header set Cache-Control "public, max-age=1800"
|
|
</FilesMatch>
|
|
|
|
<FilesMatch "\.(ico)$">
|
|
Header set Cache-Control "public, max-age=86400"
|
|
</FilesMatch>
|
|
|
|
<FilesMatch "\.(css|js|png|svg|woff2)$">
|
|
Header set Cache-Control "public, max-age=31536000"
|
|
</FilesMatch>
|
|
|
|
RedirectMatch 301 ^/security.txt$ /.well-known/security.txt
|
|
RedirectMatch 301 ^/graphene.png$ /logo.png
|
|
|
|
RedirectMatch 301 ^/pdfviewer_privacy_policy$ /pdfviewer-privacy-policy
|
|
RedirectMatch 301 ^/safari_pinned_tab_icon.svg$ /mask-icon.svg
|
|
RedirectMatch 301 ^/safari-pinned-tab-icon.svg$ /mask-icon.svg
|
|
RedirectMatch 301 ^/bitcoin_address.png$ /bitcoin-address.png
|
|
|
|
# http://www.twipu.com/GrapheneOS doesn't handle links with fragments properly
|
|
RedirectMatch 301 "^/(.*)<a href=$" /$1
|
|
|
|
RewriteEngine on
|
|
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME}\.html -f
|
|
RewriteRule ^([^\.]+)$ $1.html [L]
|
|
|
|
RewriteCond %{ENV:REDIRECT_STATUS} ^$
|
|
RewriteCond %{REQUEST_URI} ".*\.html$"
|
|
RewriteCond %{REQUEST_FILENAME} -f
|
|
RewriteRule ^(.*)\.html$ /$1 [L,R=301]
|
|
|
|
<Files "LICENSE">
|
|
ForceType text/plain
|
|
</Files>
|
|
|
|
AddType application/manifest+json webmanifest
|
|
AddType font/woff2 woff2
|
|
|
|
AddOutputFilterByType DEFLATE application/manifest+json
|
|
AddOutputFilterByType DEFLATE application/javascript
|
|
AddOutputFilterByType DEFLATE image/vnd.microsoft.icon
|
|
AddOutputFilterByType DEFLATE image/svg+xml
|
|
AddOutputFilterByType DEFLATE text/css
|
|
AddOutputFilterByType DEFLATE text/html
|
|
AddOutputFilterByType DEFLATE text/plain
|