| author | Juha Sippola <juhasippola@outlook.com> | 2015-06-25 16:36:00 +0300 |
|---|---|---|
| committer | Tony Sarajärvi <tony.sarajarvi@theqtcompany.com> | 2015-09-16 07:31:51 +0000 |
| commit | 29dc3651a96dfeecc7e356aa642dc76684b481f2 | |
| tree | 44de4f5ce9168cabf500e32730d4a57f44826f29 /non-puppet/qtmetrics2/.htaccess | |
| parent | 7e66ceb73fce9bdd1bbe5a15f55bc1831aad08fd | |
Qt Metrics 2 (v0.4): Security improvements
Added applicable security headers to protect the site against
typical attacks (checked e.g. with http://cyh.herokuapp.com/cyh).
Moved inline JavaScript code to separate file (because of
applying the CSP).
Moved jQuery and Bootstrap to local lib directories instead
of using CDNs (to get simple and strict CSP rules).
Change-Id: If08f7ccf6a53923405a1305c76ff2da7c21b094b
Reviewed-by: Lukas Reschke <lukas@owncloud.com>
Reviewed-by: Simon Hausmann <simon.hausmann@theqtcompany.com>
Reviewed-by: Tony Sarajärvi <tony.sarajarvi@theqtcompany.com>
Diffstat (limited to 'non-puppet/qtmetrics2/.htaccess')
-rw-r--r-- | non-puppet/qtmetrics2/.htaccess | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/non-puppet/qtmetrics2/.htaccess b/non-puppet/qtmetrics2/.htaccess index 93af3b1..095fd43 100644 --- a/non-puppet/qtmetrics2/.htaccess +++ b/non-puppet/qtmetrics2/.htaccess @@ -32,13 +32,25 @@ ############################################################################# # Qt Metrics configuration -# @version 0.1 -# @since 13-05-2015 +# @version 0.2 +# @since 17-06-2015 # @author Juha Sippola # Turn on the rewriting engine RewriteEngine On +# Set security headers +<IfModule mod_headers.c> + # Apply Content Security Policy + Header set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src *" + # Provide protection against MIME type confusion attacks + Header set X-Content-Type-Options "nosniff" + # Provide protection against clickjacking + Header set X-Frame-Options "SAMEORIGIN" + # Provide protection against Cross-Site Scripting + Header set X-XSS-Protection "1; mode=block" +</IfModule> + # If the requested file does not exist, show link to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [QSA,L] |
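Review bot: `style-src 'self' 'unsafe-inline'` in the new Content-Security-Policy line keeps inline styles allowed, which limits how much the policy helps against injected markup; since inline JavaScript was already moved to a separate file for the CSP, consider moving inline styles into the local stylesheet as well and dropping `'unsafe-inline'`, and `img-src *` could be narrowed to `'self'` plus the specific hosts the site actually loads images from. Two smaller points on the same block: the `<IfModule mod_headers.c>` guard means all four headers are silently omitted if mod_headers is not loaded, so it is worth confirming the module is enabled on the deployment host; and `Header always set ...` instead of `Header set ...` would send the headers on error responses too, not only on successful ones. Note that `default-src 'self'` with no explicit `script-src` already restricts scripts to same-origin files, which is consistent with moving jQuery and Bootstrap to local lib directories as described in the commit message.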