christian.suessenguth/portal
1
0
Fork 0
forked from web/portal
Code Issues Pull Requests Projects Releases Wiki Activity

harden CSP and integrate CSP+RP into HTTP header

Browse Source
This commit is contained in:
Thomas Dedek
2019-12-23 14:19:22 +01:00
parent 0fa9f178aa
commit 8fd7432bde
3 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
public/.htaccess
View File

@@ -1,8 +1,15 @@
# authentication
AuthType Basic
AuthName "Geschuetzter Bereich. Zugangsdaten koennen beim AK-IT unbuerokratish angefordert werden."
AuthUserFile /home/pacs/ecg00/users/portal/doms/my.ecogood.world/.htpasswd
Require valid-user
# CSP Starter Policy: allows images, scripts, AJAX, and CSS from the same origin, and does not allow any other resources to load (eg object, frame, media, etc).
Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"
# Referrer Policy
Header always set Referrer-Policy "no-referrer"
# redirection depending on the language
RewriteEngine on