Monarc
/
MonarcAppFO
mirror of https://github.com/monarc-project/MonarcAppFO
1
0
Fork 0
Code Issues Releases Wiki Activity

Added some HTTPS headers in order to improve privacy and security.

pull/165/head
Cédric Bonhomme 2019-04-04 13:54:23 +02:00
parent 7f9c157758
commit 9c5213c14d
No known key found for this signature in database
GPG Key ID: A1CB94DE57B7A70D
4 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
INSTALL/INSTALL.rhel7.md
View File

@ -121,4 +121,11 @@ Set file ownership for monarc installation
Require all granted Require all granted
</Directory> </Directory>
<IfModule mod_headers.c>
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Robots-Tag none
Header always set X-Frame-Options SAMEORIGIN
</IfModule>
SetEnv APPLICATION_ENV "development" SetEnv APPLICATION_ENV "development"

7
INSTALL/INSTALL.ubuntu1604.md
View File

@ -42,6 +42,13 @@ Especially by setting a strong root password.
Require all granted Require all granted
</Directory> </Directory>
<IfModule mod_headers.c>
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Robots-Tag none
Header always set X-Frame-Options SAMEORIGIN
</IfModule>
SetEnv APPLICATION_ENV "development" SetEnv APPLICATION_ENV "development"
</VirtualHost> </VirtualHost>

7
INSTALL/INSTALL.ubuntu1804.md
View File

@ -42,6 +42,13 @@ Especially by setting a strong root password.
Require all granted Require all granted
</Directory> </Directory>
<IfModule mod_headers.c>
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Robots-Tag none
Header always set X-Frame-Options SAMEORIGIN
</IfModule>
SetEnv APPLICATION_ENV "development" SetEnv APPLICATION_ENV "development"
</VirtualHost> </VirtualHost>

8
vagrant/bootstrap.sh
View File

@ -82,6 +82,7 @@ done
echo -e "\n--- Enabling mod-rewrite and ssl… ---\n" echo -e "\n--- Enabling mod-rewrite and ssl… ---\n"
a2enmod rewrite > /dev/null 2>&1 a2enmod rewrite > /dev/null 2>&1
a2enmod ssl > /dev/null 2>&1 a2enmod ssl > /dev/null 2>&1
a2enmod headers > /dev/null 2>&1
echo -e "\n--- Allowing Apache override to all ---\n" echo -e "\n--- Allowing Apache override to all ---\n"
sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
@ -162,6 +163,13 @@ cat > /etc/apache2/sites-enabled/000-default.conf <<EOF
Require all granted Require all granted
</Directory> </Directory>
<IfModule mod_headers.c>
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Robots-Tag none
Header always set X-Frame-Options SAMEORIGIN
</IfModule>
SetEnv APPLICATION_ENV $ENVIRONMENT SetEnv APPLICATION_ENV $ENVIRONMENT
SetEnv APP_DIR $PATH_TO_MONARC SetEnv APP_DIR $PATH_TO_MONARC
</VirtualHost> </VirtualHost>