Skip to content


Subversion checkout URL

You can clone with
Download ZIP
branch: master
Commits on Nov 6, 2013
  1. Merge pull request #1 from h5bp/master

Commits on Jul 31, 2013
  1. @alrra
Commits on Jul 28, 2013
  1. @alrra Update links

    alrra authored
  2. @alrra
  3. @alrra
  4. @alrra
  5. @alrra

    Move IIS server configs into a separate repository

    alrra authored
    Internet Information Services (IIS) Server Configs repository:
    Ref: h5bp/server-configs#161
  6. @alrra
  7. @Irvyne @alrra Update Apache server configs link

    Irvyne authored alrra committed
Commits on Jul 27, 2013
  1. @alrra
Commits on Jul 26, 2013
  1. @alrra
Commits on Jun 27, 2013
  1. @vlakoff @alrra

    [apache] Remove directory check for cache busting

    vlakoff authored alrra committed
    The directory check from the `filename-based cache busting`
    section is unnecessary in almost all cases.
    Close h5bp/server-configs#156.
  2. @alrra

    Remove `.npmignore`

    alrra authored
  3. @alrra

    Add MIT license

    alrra authored
    In order to remove any ambiguity, provide a proper, highly
    permissive license, recognized by the Open Source Initiative (OSI).
    Close h5bp/server-configs#157.
  4. @rwblackburn @alrra

    [apache] Fix rewrite rule conditions for localhost

    rwblackburn authored alrra committed
    Add `localhost` and `` exceptions to the rewrite rule condi-
    tions that prepend `www.` to URLs, as the current rules prevent users
    from being able to test locally.
    Closes h5bp/server-configs#152.
  5. @oncletom @alrra

    [apache] Add `includeSubDomains` directive to HSTS

    oncletom authored alrra committed
    The `includeSubDomains` optional directive allows the user to apply the
    `HTTP Strict Transport Security` rule to all of the site's subdomains:
    Ref: h5bp/server-configs#151
  6. @Ekman @alrra

    [lighttpd] Security enhancements

    Ekman authored alrra committed
    - Avoid revealing the server name and version number
    - Disable directory listing
    Ref: h5bp/server-configs#150
  7. @mattbrundage @alrra

    [apache] More elegant way of matching `svg/svgz`

    mattbrundage authored alrra committed
  8. @alrra


    alrra authored
  9. @alrra
  10. @alrra
  11. @alrra
Commits on Apr 1, 2013
  1. @AD7six

    nginx.conf: repair broken log format (someone had swapped two variabl…

    Aitte authored AD7six committed
    …es around, breaking the intended apache log format compatibility)
Commits on Mar 29, 2013
  1. @alrra
  2. @alrra

    Update server configs

    alrra authored
    Update some of the server configurations to match
    the ones used in the Apache hypertext access file.
Commits on Mar 28, 2013
  1. @alrra

    [apache] Add `Open Web App Manifest` configs

    alrra authored
    An Open Web App manifest file (having the extension `.webapp`):
    * must be served with a `Content-Type` header of
      `application/x-web-app-manifest+json` (this is currently not enforced
      by Firefox but is enforced by the Firefox Marketplace while, Firefox
      OS only checks this if the origin of the page where the user triggers
      the install is different from the origin of the app itself)
    * must be UTF-8 encoded in order to be submitted to the Firefox
    * should not be cached (the expires headers for the manifest are usually
      ignored by Firefox but, just to be sure):
      "Webapps.jsm <>
      sets INHIBIT_CACHING <>
      when it downloads the manifest, which prevents Firefox from caching it
      so, in theory the Firefox app runtime won't take expires headers into
      consideration. However, INHIBIT_CACHING doesn't prevent the runtime
      from using an entry in the cache if it exists so, if you load the
      manifest yourself, f.e. to see what it looks like, while developing
      your app, Firefox might cache it, and Webapps.jsm might then get the
      cached version.
      Webapps.jsm is the implementation of the DOMApplicationRegistry that
      is responsible for managing app records, including their manifests"
                                ~ thanks to @mykmelez for the explanation ~
    * is a JSON file so, it can be compressed (the manifest validator
      <>, doesn't seem
      to mind)
    * doesn't need any of the extra headers (e.g.:`Content-Security-Policy`,
      `X-UA-Compatible`, etc.)
Commits on Mar 27, 2013
  1. @alrra

    [apache] Consistency changes

    alrra authored
    * Use consistent code indentation (4 spaces, 2 seems cluttered).
    * Maintain the same arrangement style for all group directives.
  2. @alrra
  3. @alrra

    [apache] Update code comments

    alrra authored
    * Provide more meaningful comments and remove the superfluous ones.
    * Remove / replace outdated URLs.
  4. @alrra

    [apache] Remove all `php` configurations

    alrra authored
    The php directives have been included in the Apache hypertext access
    file more as helpful information then to be used out of the box.
    Nowadays, the use of the directives is highly dependent on the php
    version and the way in witch php is integrated with Apache. This makes
    them less usefull by default and just extra code to remove for both
    the people that don't use php and the ones that do (especially a newer
    Reference: h5bp/server-configs#140
  5. @alrra

    [apache] Add comment about font MIME types

    alrra authored
    Browsers usually ignore the font MIME types and sniff the content but,
    Chrome, shows a warning if TrueType / Opentype fonts aren't served with
    the `application/x-font-ttf` / `font/opentype` MIME type.
    * h5bp/html5-boilerplate#1317
  6. @alrra

    [apache] Remove `php_flag register_globals Off`

    alrra authored
    The `register_globals` directive is not required anymore as it
    defaults to `off` starting with PHP 4.2.0, is deprecated as of
    PHP 5.3.0 and removed as of PHP 5.4.0:
    Also, support for PHP 4 has been discontinued since 2007-12-31:
  7. @alrra

    [apache] Update the `Custom 404 page` section

    alrra authored
    - Provide a more meaningful description.
    - Comment out the `ErrorDocument` directive as this project doesn't
      offer the custom 404 page like other projects do.
  8. @alrra

    Remove all white spaces

    alrra authored
  9. @MozMorris @alrra

    [iis] Fix JavaScript not being gzipped

    MozMorris authored alrra committed
    IIS requires the MIME type of JavaScript set to `text/javascript`
    in order for gzip compression to kick in. For further details, see:
    Fix h5bp/server-configs#45
    Ref h5bp/server-configs#141
Something went wrong with that request. Please try again.