greggy/landingpage-haus-schleusingen
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): add CSP and security headers via .htaccess (#41)
All checks were successful
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Details
Lint / PHP Syntax Check (push) Successful in 39s
Details
Lint / CSS Lint (stylelint) (push) Successful in 1m25s
Details
Lint / HTML Lint (htmlhint) (push) Successful in 1m10s
Details
Lint / PHP Syntax Check (pull_request) Successful in 34s
Details
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m12s
Details
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m8s
Details

Browse Source 
- Content-Security-Policy: strict CSP for static landingpage
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- Referrer-Policy: strict-origin-when-cross-origin

Fix #41
This commit is contained in:
Claw (KI-Assistent)
2026-05-21 23:04:52 +00:00
parent 36b5639801
commit 2d9f1838b6
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
public/.htaccess
View File

@@ -1,6 +1,14 @@
# Enable rewrite engine # Enable rewrite engine
RewriteEngine On RewriteEngine On
# Security Headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-src https://www.google.com/ https://www.google.de/; connect-src 'self'"
</IfModule>
# Legacy redirects (301) must be before the catch-all # Legacy redirects (301) must be before the catch-all
RewriteRule ^impressum\.html$ /impressum [R=301,L] RewriteRule ^impressum\.html$ /impressum [R=301,L]
RewriteRule ^datenschutz\.html$ /datenschutz [R=301,L] RewriteRule ^datenschutz\.html$ /datenschutz [R=301,L]