greggy/landingpage-haus-schleusingen
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: greggy:9b9213604861a3d399e4da08cb06894743fbdcf6
Branches Tags
greggy:main greggy:feature/phpunit-tests greggy:feature/issue-17-bildoptimierung-webp greggy:feature/issue-36-favicon greggy:feature/issue-18-accessibility greggy:feature/issue-19-remove-jquery-masonry greggy:feature/issue-34-contact-form-mail greggy:feature/issue- greggy:none
...
compare: greggy:344b0d82715546ed863990f5798b336e8460e380
Branches Tags
greggy:main greggy:feature/phpunit-tests greggy:feature/issue-17-bildoptimierung-webp greggy:feature/issue-36-favicon greggy:feature/issue-18-accessibility greggy:feature/issue-19-remove-jquery-masonry greggy:feature/issue-34-contact-form-mail greggy:feature/issue- greggy:none

2 Commits
9b92136048 ... 344b0d8271

Author SHA1 Message Date
greggy
344b0d8271 Merge pull request 'Fix #41: CSP und Security Headers implementieren' (#49) from feature/issue-41-csp-header into main
All checks were successful
Lint / PHP Syntax Check (push) Successful in 33s
Details
Lint / CSS Lint (stylelint) (push) Successful in 1m13s
Details
Lint / HTML Lint (htmlhint) (push) Successful in 1m9s
Details 
Reviewed-on: #49
 2026-05-22 08:34:34 +02:00
Claw (KI-Assistent)
2d9f1838b6 fix(security): add CSP and security headers via .htaccess (#41)
All checks were successful
Deploy Feature Branch to Test / deploy (push) Successful in 25s
Details
Lint / PHP Syntax Check (push) Successful in 39s
Details
Lint / CSS Lint (stylelint) (push) Successful in 1m25s
Details
Lint / HTML Lint (htmlhint) (push) Successful in 1m10s
Details
Lint / PHP Syntax Check (pull_request) Successful in 34s
Details
Lint / CSS Lint (stylelint) (pull_request) Successful in 1m12s
Details
Lint / HTML Lint (htmlhint) (pull_request) Successful in 1m8s
Details 
- Content-Security-Policy: strict CSP for static landingpage
- X-Content-Type-Options: nosniff
- X-Frame-Options: SAMEORIGIN
- Referrer-Policy: strict-origin-when-cross-origin

Fix #41
 2026-05-21 23:04:52 +00:00
1 changed files with 8 additions and 0 deletions
Expand all files Collapse all files

8
public/.htaccess
View File

@@ -1,6 +1,14 @@
# Enable rewrite engine # Enable rewrite engine
RewriteEngine On RewriteEngine On
# Security Headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-src https://www.google.com/ https://www.google.de/; connect-src 'self'"
</IfModule>
# Legacy redirects (301) must be before the catch-all # Legacy redirects (301) must be before the catch-all
RewriteRule ^impressum\.html$ /impressum [R=301,L] RewriteRule ^impressum\.html$ /impressum [R=301,L]
RewriteRule ^datenschutz\.html$ /datenschutz [R=301,L] RewriteRule ^datenschutz\.html$ /datenschutz [R=301,L]