Permalink
Browse files

Remove all white spaces

  • Loading branch information...
1 parent 3ea93d8 commit 06e119644f98a165d2ae7c627a5b3f39ca0f0aa6 @alrra alrra committed Mar 1, 2013
View
@@ -1 +1 @@
-* text=auto
+* text=auto
View
@@ -10,7 +10,7 @@ def get(self):
self.response.headers.add_header('X-UA-Compatible', 'IE=Edge,chrome=1')
self.redirect(path)
-
+
def post(self):
self.get()
@@ -21,4 +21,4 @@ def main():
util.run_wsgi_app(application)
if __name__ == '__main__':
- main()
+ main()
View
@@ -18,10 +18,10 @@
<system.web>
<!-- Security through obscurity, removes X-AspNet-Version HTTP header from the response -->
<httpRuntime enableVersionHeader="false" />
- <!--
- Set compilation debug="true" to insert debugging
- symbols into the compiled page. Because this
- affects performance, set this value to true only
+ <!--
+ Set compilation debug="true" to insert debugging
+ symbols into the compiled page. Because this
+ affects performance, set this value to true only
during development.
-->
<compilation debug="false">
@@ -34,10 +34,10 @@
</compilation>
<authentication mode="Windows" />
<!--
- The <customErrors> section enables configuration
- of what to do if/when an unhandled error occurs
- during the execution of a request. Specifically,
- it enables developers to configure html error pages
+ The <customErrors> section enables configuration
+ of what to do if/when an unhandled error occurs
+ during the execution of a request. Specifically,
+ it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
@@ -170,82 +170,82 @@
<!--#### SECURITY Related Headers ###-->
<!--
# Access-Control-Allow-Origin
- The 'Access Control Allow Origin' HTTP header is used to control which
+ The 'Access Control Allow Origin' HTTP header is used to control which
sites are allowed to bypass same origin policies and send cross-origin requests.
-
- Secure configuration: Either do not set this header, or return the 'Access-Control-Allow-Origin'
+
+ Secure configuration: Either do not set this header, or return the 'Access-Control-Allow-Origin'
header restricting it to only a trusted set of sites.
http://enable-cors.org/
-
+
<add name="Access-Control-Allow-Origin" value="*" />
-->
- <!--
+ <!--
# Cache-Control
- The 'Cache-Control' response header controls how pages can be cached
- either by proxies or the users browser.
- This response header can provide enhanced privacy by not caching
+ The 'Cache-Control' response header controls how pages can be cached
+ either by proxies or the users browser.
+ This response header can provide enhanced privacy by not caching
sensitive pages in the users browser cache.
-
+
<add name="Cache-Control" value="no-store, no-cache"/>
-->
<!--
# Strict-Transport-Security
- The HTTP Strict Transport Security header is used to control
- if the browser is allowed to only access a site over a secure connection
+ The HTTP Strict Transport Security header is used to control
+ if the browser is allowed to only access a site over a secure connection
and how long to remember the server response for, forcing continued usage.
Note* Currently a draft standard which only Firefox and Chrome support. But is supported by sites like PayPal.
<add name="Strict-Transport-Security" value="max-age=15768000"/>
-->
<!--
# X-Frame-Options
- The X-Frame-Options header indicates whether a browser should be allowed
- to render a page within a frame or iframe.
+ The X-Frame-Options header indicates whether a browser should be allowed
+ to render a page within a frame or iframe.
The valid options are DENY (deny allowing the page to exist in a frame)
or SAMEORIGIN (allow framing but only from the originating host)
- Without this option set the site is at a higher risk of click-jacking.
-
+ Without this option set the site is at a higher risk of click-jacking.
+
<add name="X-Frame-Options" value="SAMEORIGIN" />
-->
<!--
# X-XSS-Protection
The X-XSS-Protection header is used by Internet Explorer version 8+
- The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
- If enabled, without 'mode=block', there is an increased risk that
+ The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
+ If enabled, without 'mode=block', there is an increased risk that
otherwise non-exploitable cross-site scripting vulnerabilities may potentially become exploitable
-
+
<add name="X-XSS-Protection" value="1; mode=block"/>
-->
<!-- A little extra security (by obscurity) -->
<remove name="X-Powered-By" />
<!--//#### SECURITY Related Headers ###-->
-
+
<!--
# E-TAGS
E-Tags are actually quite useful in cache management especially if you have a front-end caching server
such as Varnish. http://en.wikipedia.org/wiki/HTTP_ETag / http://developer.yahoo.com/performance/rules.html#etags
But in load balancing and simply most cases ETags are mishandled in IIS; and it can be advantageous to remove them.
This is simply done by overriding the default server header with an empty tag.
See http://bytestopshere.wordpress.com/2009/02/02/disable-remove-etags-on-iis-6-to-improve-performance/
-
+
<add name="E-TAG" value="" />
-->
-
- <!--
+
+ <!--
Force the latest IE version, in various cases when it may fall back to IE7 mode
github.com/rails/rails/commit/123eb25#commitcomment-118920
- Use ChromeFrame if it's installed for a better experience for the poor IE folk
+ Use ChromeFrame if it's installed for a better experience for the poor IE folk
-->
<add name="X-UA-Compatible" value="IE=Edge,chrome=1" />
- <!--
+ <!--
Allow cookies to be set from iframes (for IE only)
- If needed, uncomment and specify a path or regex in the Location directive
-
+ If needed, uncomment and specify a path or regex in the Location directive
+
<add name="P3P" value="policyref=&quot;/w3c/p3p.xml&quot;, CP=&quot;IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT&quot;" />
-->
</customHeaders>
@@ -255,39 +255,39 @@
<!--
<rewrite>
<rules>
-
- Remove/force the WWW from the URL.
- Requires IIS Rewrite module http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
+
+ Remove/force the WWW from the URL.
+ Requires IIS Rewrite module http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
Configuration lifted from http://nayyeri.net/remove-www-prefix-from-urls-with-url-rewrite-module-for-iis-7-0
-
+
NOTE* You need to install the IIS URL Rewriting extension (Install via the Web Platform Installer)
http://www.microsoft.com/web/downloads/platform.aspx
-
- ** Important Note
- using a non-www version of a webpage will set cookies for the whole domain making cookieless domains
+
+ ** Important Note
+ using a non-www version of a webpage will set cookies for the whole domain making cookieless domains
(eg. fast cdn-like access of static resources like css, js and images) impossible.
-
+
# IMPORTANT: THERE ARE TWO RULES LISTED. NEVER USE BOTH RULES AT THE SAME TIME!
-
+
<rule name="Remove WWW" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="http://example.com{PATH_INFO}" redirectType="Permanent" />
</rule>
- <rule name="Force WWW" stopProcessing="true">
- <match url=".*" />
- <conditions>
- <add input="{HTTP_HOST}" pattern="^example.com$" />
- </conditions>
- <action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" />
- </rule>
+ <rule name="Force WWW" stopProcessing="true">
+ <match url=".*" />
+ <conditions>
+ <add input="{HTTP_HOST}" pattern="^example.com$" />
+ </conditions>
+ <action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" />
+ </rule>
-->
<!--
-
+
# Built-in filename-based cache busting
-
+
If you're not using the build script to manage your filename version revving,
you might want to consider enabling this, which will route requests for
@@ -300,7 +300,7 @@
<match url="^(.+)\.\d+(\.(js|css|png|jpg|gif)$)" />
<action type="Rewrite" url="{R:1}{R:2}" />
</rule>
-
+
</rules>
</rewrite>-->
Oops, something went wrong.

0 comments on commit 06e1196

Please sign in to comment.