Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
60 lines (49 sloc) 4.34 KB
<IfModule mod_deflate.c>
<FilesMatch "\.(html?|txt|css|js|php|pl)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
<IfModule mod_speling.c>
CheckSpelling on
CheckCaseOnly on
checkcaseonly on
</IfModule>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_proxy_fcgi.c>
<FilesMatch ".+\.(cs|j)s$">
SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
<IfModule mod_php7.c>
AddHandler application/x-httpd-php .css
AddHandler application/x-httpd-php .js
</IfModule>
<FilesMatch ".+\.(jpe?(g|2|x|m)|mj2|jxr|webp|gif|a?png|bmp|ico|xbm|svg)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
AddType image/webp .webp
# Redirect not yet done things
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(.*?/)(.*)::\2$
RewriteRule ^(.*)$ - [E=BASE:%1]
RewriteRule ^Message %{ENV:BASE}Unimplemented [QSA,R=302,L]
RewriteRule ^Browse %{ENV:BASE}Unimplemented [QSA,R=302,L]
RewriteRule ^Quote %{ENV:BASE}Unimplemented [QSA,R=302,L]
RewriteRule ^Request %{ENV:BASE}Unimplemented [QSA,R=302,L]
RewriteRule ^Trade %{ENV:BASE}Unimplemented [QSA,R=302,L]
RewriteRule ^Commission %{ENV:BASE}Unimplemented [QSA,R=302,L]
RewriteRule ^Login/ForgotPassword %{ENV:BASE}Unimplemented [QSA,R=302,L]
Options -Indexes
# These are merely for reference, and should be in an applicable virtual host
#
# Header always set Public-Key-Pins "pin-sha256=\"/1wZvc4rB52M8Th+eC3B1m8NyXwVsra2Rbt79PPjqr4=\"; pin-sha256=\"g+yUOQyLauy4/9LeSVDpddGSN2v5CAo+vasXNuXFQtI=\"; pin-sha256=\"sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=\"; pin-sha256=\"Ay8a3+MQTzGllOo/R63isAX7UTxvvCWK6ID6o9gX5/I=\"; pin-sha256=\"A9O4iLpl66ZU11ZJPiTjvx/rBX96KyI/GjdYX/tZNFc=\"; max-age=63072000; includeSubdomains; preload"
# Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
# Header always set Expect-CT "enforce, max-age=63072000, report-uri=\"https://beta.catalystapp.co/api/internal/ssl_report_uri/\""
# Header always set Content-Security-Policy "default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' https://google.com https://*.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://gstatic.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://cdn.rawgit.com about:; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: https: http:; media-src https: data: blob: 'self'; frame-src https://google.com https://*.google.com https://*.googletagmanager.com https://googletagmanager.com; font-src https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' https:; sandbox allow-modals allow-popups allow-same-origin allow-top-navigation allow-forms allow-pointer-lock allow-popups allow-scripts; report-uri https://beta.catalystapp.co/api/internal/ssl_report_uri/"
# Header always set X-Content-Security-Policy "default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' https://google.com https://*.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://gstatic.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://cdn.rawgit.com about:; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: https: http:; media-src https: data: blob: 'self'; frame-src https://google.com https://*.google.com https://*.googletagmanager.com https://googletagmanager.com; font-src https://fonts.gstatic.com https://cdnjs.cloudflare.com data:; connect-src 'self' https:; sandbox allow-modals allow-popups allow-same-origin allow-top-navigation allow-forms allow-pointer-lock allow-popups allow-scripts; report-uri https://beta.catalystapp.co/api/internal/ssl_report_uri/"
# Header always set X-Frame-Options "SAMEORIGIN"
# Header always set X-XSS-Protection "1; mode=block"
# Header always set X-Content-Type-Options "nosniff"
# Header always set Referrer-Policy "strict-origin-when-cross-origin"
You can’t perform that action at this time.