Commit b8291314 authored by Mark Swillus's avatar Mark Swillus

Merge branch '71-improve-website-security-settings' into 'master'

Resolve "Improve website security settings"

Closes #71

See merge request totem/website!56
parents 8689b550 20de084d
Header set Strict-Transport-Security "max-age=63072000"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
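Review bot: The three `Header set` directives are unconditional, so on an Apache host where mod_headers is not loaded every request under this .htaccess fails with a 500 instead of merely losing the headers; the file header for this section is not shown, so I am assuming these are the whole new file. The page-level CSP and X-XSS-Protection added elsewhere in this commit as `<meta http-equiv>` tags belong here as real response headers: a meta CSP cannot carry `frame-ancestors` or `report-uri`, and `X-XSS-Protection` is not honoured from a meta tag at all. If learn.totem-project.org and every other subdomain are HTTPS-only, `includeSubDomains` on the HSTS value is worth adding; if not, leave it off, since a wrong value locks users out for two years.
```apache
<IfModule mod_headers.c>
    # … unchanged: Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options …
    Header always set Content-Security-Policy "default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; img-src 'self' learn.totem-project.org; frame-ancestors 'self'"
</IfModule>
```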
......@@ -12,6 +12,9 @@ mkdir -p ~/.ssh
apt-get update
apt-get install -y rsync
# Copy .htaccess into build folder.
cp .htaccess build/
# Upload site.
rsync -r --verbose --compress --delete --exclude js-components ./build/ \
"${FTP_USER}@ftp.greenhost.nl:${DOMAIN_NAME}/${SUBDOMAIN}"
......@@ -64,17 +64,23 @@
this.setAttribute("rel", "noreferrer noopener");
}
});
});
document.setLangCookie = function(lang) {
var expiryDate = new Date();
expiryDate = expiryDate.setMonth(expiryDate.getMonth() + 12);
var domain = window.location.hostname;
var cookieParams = "domain=." + domain + ";path=/;SameSite=Strict;";
if (window.location.protocol == "https") {
cookieParams += "secure=true;";
}
document.cookie = "openedx-language-preference=" + lang + ";expires=" + expiryDate + ";" + cookieParams;
};
var setLangCookie = function(lang) {
var expiryDate = new Date();
expiryDate = expiryDate.setMonth(expiryDate.getMonth() + 12);
var domain = window.location.hostname;
var cookieParams = "domain=." + domain + ";path=/;SameSite=Strict;";
if (window.location.protocol == "https:") {
cookieParams += "secure=true;";
}
document.cookie = "openedx-language-preference=" + lang + ";expires=" + expiryDate + ";" + cookieParams;
};
// Get locale from current path
var locale = window.location.pathname.split('/')[1];
// If the locale string is empty or ends with .html, we're on an English page
if (locale == "" || locale.endsWith(".html")) {
locale = "en";
}
setLangCookie(locale);
});
})(jQuery, window, document);
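Review bot: In `setLangCookie`, `expiryDate = expiryDate.setMonth(...)` overwrites the Date with the numeric timestamp that `setMonth()` returns, so the cookie string ends up as `expires=1735689600000`; browsers reject that as a date and the preference becomes a session cookie instead of a 12-month one (the old side had the same bug, the commit only fixes the `"https:"` comparison). Keep the Date object and emit `expiryDate.toUTCString()`. Separately, the new block at the end writes the first path segment into the cookie value unvalidated, so a request for `/anything/` sets `openedx-language-preference=anything` on `.hostname` and every subdomain; restrict it to something that looks like a locale tag before calling `setLangCookie`. The enclosing ready-handler and IIFE open outside this hunk.
```javascript
var setLangCookie = function(lang) {
  var expiryDate = new Date();
  // setMonth() returns a timestamp, not a Date; mutate in place and format below.
  expiryDate.setMonth(expiryDate.getMonth() + 12);
  // … unchanged: domain / SameSite / secure params …
  document.cookie = "openedx-language-preference=" + lang + ";expires=" + expiryDate.toUTCString() + ";" + cookieParams;
};
// … unchanged: locale taken from pathname …
// Only accept values shaped like a locale tag; anything else is treated as English.
if (locale == "" || locale.endsWith(".html") || !/^[a-z]{2}(-[a-z]{2})?$/i.test(locale)) {
  locale = "en";
}
setLangCookie(locale);
```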
......@@ -3,6 +3,9 @@
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="X-XSS-Protection" content="1; mode=block">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; img-src 'self' learn.totem-project.org;">
<meta name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="Join the totem project to learn more about security on the web">
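Review bot: The added `<meta http-equiv="X-XSS-Protection" content="1; mode=block">` has no effect, because browsers only read that directive from a response header, and the XSS auditor it controlled has since been removed from Chrome and Edge; delivering it via meta also gives a false sense of coverage, so it should be dropped or set alongside the other headers in .htaccess. The CSP in a meta tag works for resource loading but cannot express `frame-ancestors` (which would supersede X-Frame-Options) or `report-uri`, so the header form is the better home for it too. The two identical `x-ua-compatible` lines look like a duplicated meta on the new side, given the +3 line count of this hunk; if so, remove one. Loading fonts from fonts.googleapis.com / fonts.gstatic.com discloses every visitor's IP to a third party, which is worth noting on a site about web security; self-hosting the fonts would also let `font-src` and `style-src` collapse to `'self'`.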
......@@ -3,7 +3,7 @@
<div class="container">
<div class="row">
<div class="col-md-4">
<span class="copyright"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-sa/4.0/80x15.png" /></a></span>
<span class="copyright"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License" src="/img/cc-by-sa.png" /></a></span>
</div>
<div class="col-md-8">
<ul class="list-inline quicklinks">
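Review bot: The license link in the changed line still points at `http://creativecommons.org/licenses/by-sa/4.0/` even though the commit localizes the badge image to stay within `img-src 'self'` and enables HSTS on the site itself; following it sends visitors over cleartext for the first hop. Change the href to `https://creativecommons.org/licenses/by-sa/4.0/`, which the Creative Commons site serves, so the external navigation is as protected as the page that links to it.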
......@@ -35,7 +35,7 @@ end
<ul class="dropdown-menu" aria-labelledby="dropdownMenuButton">
<% I18n.available_locales.select{|l| l != ::I18n.locale}.each do |loc| %>
<li class="dropdown-item">
<%= link_to(config[:locales][loc][:name], "/index.html", :locale => loc, :class => "nav-link", :onclick => "setLangCookie('#{loc}')") %>
<%= link_to(config[:locales][loc][:name], "/index.html", :locale => loc, :class => "nav-link") %>
</li>
<% end %>
</ul>