forked from cubing/cubing.js
-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.htaccess
41 lines (35 loc) · 1.57 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Security headers
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" env=HTTPS
Header always set Content-Security-Policy "\
default-src self alpha.twizzle.net ;\
img-src self alpha.twizzle.net data: ;\
script-src self alpha.twizzle.net 'unsafe-eval' ;\
worker-src self alpha.twizzle.net blob: ;\
connect-src self alpha.twizzle.net api.twizzle.net data: wss://api.twizzle.net ;\
style-src 'unsafe-inline' alpha.twizzle.net ;\
frame-src https://www.youtube.com ;\
frame-ancestors 'none'" env=HTTPS
Header always set X-Content-Type-Options "nosniff" env=HTTPS
Header always set X-Frame-Options "DENY" env=HTTPS
Header always set X-XSS-Protection "0" env=HTTPS
# Redirect `index.html` to the folder for the editor and explorer.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/explore/index\.html$ [NC]
RewriteRule ^explore/index\.html$ /explore/ [R=308,L]
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/edit/index\.html$ [NC]
RewriteRule ^edit/index\.html$ /edit/ [R=308,L]
# Redirect to HTTPS first.
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=308,L]
# If on HTTPS, remove the www.
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ https://%{SERVER_NAME}{REQUEST_URI} [R=308,L]
# Vanity URL for Twizzle Diaries
Redirect 307 /diaries https://www.youtube.com/watch?v=9_kqXn0Mq-o&list=PLFh3NgpDbzN4VkcfjEZSQ_TYQv_OEjbjF&index=1
# Limit caching to 5 minutes (does this work properly in Dreamhost?),
ExpiresActive off
Header always set Cache-Control "max-age=300; must-revalidate"