h5bp updates, style.css now using stripped version + reorganized
This commit is contained in:
Ben Word
@@ -31,7 +31,7 @@
|
||||
<IfModule mod_headers.c>
|
||||
Header set X-UA-Compatible "IE=Edge,chrome=1"
|
||||
# mod_headers can't match by content-type, but we don't want to send this header on *everything*...
|
||||
<FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$" >
|
||||
<FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
|
||||
Header unset X-UA-Compatible
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
@@ -41,7 +41,7 @@
|
||||
# Cross-domain AJAX requests
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
# Serve cross-domain ajax requests, disabled.
|
||||
# Serve cross-domain Ajax requests, disabled by default.
|
||||
# enable-cors.org
|
||||
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
|
||||
|
||||
@@ -50,6 +50,22 @@
|
||||
# </IfModule>
|
||||
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# CORS-enabled images (@crossorigin)
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
# Send CORS headers if browsers request them; enabled by default.
|
||||
# developer.mozilla.org/en/CORS_Enabled_Image
|
||||
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
|
||||
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
|
||||
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIf Origin ":" IS_CORS
|
||||
Header set Access-Control-Allow-Origin "*" env=IS_CORS
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# Webfont access
|
||||
@@ -104,6 +120,7 @@ AddType image/webp webp
|
||||
AddType text/cache-manifest appcache manifest
|
||||
AddType text/x-component htc
|
||||
AddType application/x-chrome-extension crx
|
||||
AddType application/x-opera-extension oex
|
||||
AddType application/x-xpinstall xpi
|
||||
AddType application/octet-stream safariextz
|
||||
AddType text/x-vcard vcf
|
||||
@@ -198,59 +215,59 @@ AddType text/x-vcard vcf
|
||||
# If you don't use filenames to version, lower the CSS and JS to something like
|
||||
# "access plus 1 week" or so.
|
||||
|
||||
#<IfModule mod_expires.c>
|
||||
# ExpiresActive on
|
||||
# <IfModule mod_expires.c>
|
||||
# ExpiresActive on
|
||||
|
||||
# Perhaps better to whitelist expires rules? Perhaps.
|
||||
# ExpiresDefault "access plus 1 month"
|
||||
# ExpiresDefault "access plus 1 month"
|
||||
|
||||
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
|
||||
# ExpiresByType text/cache-manifest "access plus 0 seconds"
|
||||
# ExpiresByType text/cache-manifest "access plus 0 seconds"
|
||||
|
||||
# Your document html
|
||||
# ExpiresByType text/html "access plus 0 seconds"
|
||||
# ExpiresByType text/html "access plus 0 seconds"
|
||||
|
||||
# Data
|
||||
# ExpiresByType text/xml "access plus 0 seconds"
|
||||
# ExpiresByType application/xml "access plus 0 seconds"
|
||||
# ExpiresByType application/json "access plus 0 seconds"
|
||||
# ExpiresByType text/xml "access plus 0 seconds"
|
||||
# ExpiresByType application/xml "access plus 0 seconds"
|
||||
# ExpiresByType application/json "access plus 0 seconds"
|
||||
|
||||
# Feed
|
||||
# ExpiresByType application/rss+xml "access plus 1 hour"
|
||||
# ExpiresByType application/atom+xml "access plus 1 hour"
|
||||
# ExpiresByType application/rss+xml "access plus 1 hour"
|
||||
# ExpiresByType application/atom+xml "access plus 1 hour"
|
||||
|
||||
# Favicon (cannot be renamed)
|
||||
# ExpiresByType image/x-icon "access plus 1 week"
|
||||
# ExpiresByType image/x-icon "access plus 1 week"
|
||||
|
||||
# Media: images, video, audio
|
||||
# ExpiresByType image/gif "access plus 1 month"
|
||||
# ExpiresByType image/png "access plus 1 month"
|
||||
# ExpiresByType image/jpg "access plus 1 month"
|
||||
# ExpiresByType image/jpeg "access plus 1 month"
|
||||
# ExpiresByType video/ogg "access plus 1 month"
|
||||
# ExpiresByType audio/ogg "access plus 1 month"
|
||||
# ExpiresByType video/mp4 "access plus 1 month"
|
||||
# ExpiresByType video/webm "access plus 1 month"
|
||||
# ExpiresByType image/gif "access plus 1 month"
|
||||
# ExpiresByType image/png "access plus 1 month"
|
||||
# ExpiresByType image/jpg "access plus 1 month"
|
||||
# ExpiresByType image/jpeg "access plus 1 month"
|
||||
# ExpiresByType video/ogg "access plus 1 month"
|
||||
# ExpiresByType audio/ogg "access plus 1 month"
|
||||
# ExpiresByType video/mp4 "access plus 1 month"
|
||||
# ExpiresByType video/webm "access plus 1 month"
|
||||
|
||||
# HTC files (css3pie)
|
||||
# ExpiresByType text/x-component "access plus 1 month"
|
||||
# ExpiresByType text/x-component "access plus 1 month"
|
||||
|
||||
# Webfonts
|
||||
# ExpiresByType application/x-font-ttf "access plus 1 month"
|
||||
# ExpiresByType font/opentype "access plus 1 month"
|
||||
# ExpiresByType application/x-font-woff "access plus 1 month"
|
||||
# ExpiresByType image/svg+xml "access plus 1 month"
|
||||
# ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
|
||||
# ExpiresByType application/x-font-ttf "access plus 1 month"
|
||||
# ExpiresByType font/opentype "access plus 1 month"
|
||||
# ExpiresByType application/x-font-woff "access plus 1 month"
|
||||
# ExpiresByType image/svg+xml "access plus 1 month"
|
||||
# ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
|
||||
|
||||
# CSS and JavaScript
|
||||
# ExpiresByType text/css "access plus 1 year"
|
||||
# ExpiresByType application/javascript "access plus 1 year"
|
||||
# ExpiresByType text/css "access plus 1 year"
|
||||
# ExpiresByType application/javascript "access plus 1 year"
|
||||
|
||||
# <IfModule mod_headers.c>
|
||||
# Header append Cache-Control "public"
|
||||
# </IfModule>
|
||||
# <IfModule mod_headers.c>
|
||||
# Header append Cache-Control "public"
|
||||
# </IfModule>
|
||||
|
||||
#</IfModule>
|
||||
# </IfModule>
|
||||
|
||||
|
||||
|
||||
@@ -259,14 +276,14 @@ AddType text/x-vcard vcf
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
# FileETag None is not enough for every server.
|
||||
#<IfModule mod_headers.c>
|
||||
# Header unset ETag
|
||||
#</IfModule>
|
||||
# <IfModule mod_headers.c>
|
||||
# Header unset ETag
|
||||
# </IfModule>
|
||||
|
||||
# Since we're sending far-future expires, we don't need ETags for
|
||||
# static content.
|
||||
# developer.yahoo.com/performance/rules.html#etags
|
||||
#FileETag None
|
||||
# FileETag None
|
||||
|
||||
|
||||
|
||||
@@ -307,10 +324,10 @@ AddType text/x-vcard vcf
|
||||
# Turning on the rewrite engine is necessary for the following rules and features.
|
||||
# FollowSymLinks must be enabled for this to work.
|
||||
|
||||
#<IfModule mod_rewrite.c>
|
||||
# Options +FollowSymlinks
|
||||
# RewriteEngine On
|
||||
#</IfModule>
|
||||
# <IfModule mod_rewrite.c>
|
||||
# Options +FollowSymlinks
|
||||
# RewriteEngine On
|
||||
# </IfModule>
|
||||
|
||||
|
||||
|
||||
@@ -334,11 +351,11 @@ AddType text/x-vcard vcf
|
||||
# Option 1:
|
||||
# Rewrite "www.example.com -> example.com"
|
||||
|
||||
#<IfModule mod_rewrite.c>
|
||||
# RewriteCond %{HTTPS} !=on
|
||||
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
|
||||
# RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
|
||||
#</IfModule>
|
||||
# <IfModule mod_rewrite.c>
|
||||
# RewriteCond %{HTTPS} !=on
|
||||
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
|
||||
# RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
|
||||
# </IfModule>
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
@@ -364,7 +381,7 @@ AddType text/x-vcard vcf
|
||||
# /css/style.20110203.css to /css/style.css
|
||||
|
||||
# To understand why this is important and a better idea than all.css?v1231,
|
||||
# read: github.com/paulirish/html5-boilerplate/wiki/Version-Control-with-Cachebusting
|
||||
# read: github.com/h5bp/html5-boilerplate/wiki/Version-Control-with-Cachebusting
|
||||
|
||||
# Uncomment to enable.
|
||||
# <IfModule mod_rewrite.c>
|
||||
@@ -397,7 +414,7 @@ AddType text/x-vcard vcf
|
||||
# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
|
||||
# e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
|
||||
|
||||
#Options -MultiViews
|
||||
# Options -MultiViews
|
||||
|
||||
|
||||
|
||||
@@ -406,7 +423,7 @@ AddType text/x-vcard vcf
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
# You can add custom pages to handle 500 or 403 pretty easily, if you like.
|
||||
#ErrorDocument 404 /404.html
|
||||
# ErrorDocument 404 /404.html
|
||||
|
||||
|
||||
|
||||
@@ -448,6 +465,16 @@ AddCharset utf-8 .html .css .js .xml .json .rss .atom
|
||||
</IfModule>
|
||||
|
||||
|
||||
# Block access to backup and source files
|
||||
# This files may be left by some text/html editors and
|
||||
# pose a great security danger, when someone can access them
|
||||
<FilesMatch ".(bak|config|sql|fla|psd|ini|log|sh|inc|~|swp)$">
|
||||
Order allow,deny
|
||||
Deny from all
|
||||
Satisfy All
|
||||
</FilesMatch>
|
||||
|
||||
|
||||
# If your server is not already configured as such, the following directive
|
||||
# should be uncommented in order to set PHP's register_globals option to OFF.
|
||||
# This closes a major security hole that is abused by most XSS (cross-site
|
||||
|
||||
Reference in New Issue
Block a user