Unverified Commit ba34041e authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻

fix cspp header, self-host cc-by image, move security headers to layout.erb and remove .htaccess

parent 0db671c0
Header set Strict-Transport-Security "max-age=63072000"
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
Header set Content-Security-Policy "default-src 'self';"
......@@ -12,9 +12,6 @@ mkdir -p ~/.ssh
apt-get update
apt-get install -y rsync
# Copy .htaccess into build folder.
cp .htaccess build/
# Upload site.
rsync -r --verbose --compress --delete --exclude js-components ./build/ \
"${FTP_USER}@ftp.greenhost.nl:${DOMAIN_NAME}/${SUBDOMAIN}"
......@@ -3,6 +3,12 @@
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="Strict-Transport-Security" content="max-age=63072000">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta http-equiv="X-Frame-Options" content="DENY">
<meta http-equiv="X-XSS-Protection" content="1; mode=block">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; img-src 'self' learn.totem-project.org;">
<meta name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="Join the totem project to learn more about security on the web">
......
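Review bot: The added `http-equiv` meta tags for `Strict-Transport-Security`, `X-Content-Type-Options`, `X-Frame-Options` and `X-XSS-Protection` have no effect, because browsers honour these only as real HTTP response headers. With the `.htaccess` removed in this same commit, the site therefore loses HSTS, nosniff and its framing protection. Only the `Content-Security-Policy` meta is processed, and a meta-delivered policy ignores `frame-ancestors`, `report-uri` and `sandbox`, so it cannot stand in for `X-Frame-Options` either. I would keep the `Header set ...` lines in the server configuration and put the widened CSP there, e.g. `Header set Content-Security-Policy "default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; img-src 'self' learn.totem-project.org;"`. The `<head>` element continues past the end of this hunk.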
......@@ -3,7 +3,7 @@
<div class="container">
<div class="row">
<div class="col-md-4">
<span class="copyright"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-sa/4.0/80x15.png" /></a></span>
<span class="copyright"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="/img/cc-by-sa.png" /></a></span>
</div>
<div class="col-md-8">
<ul class="list-inline quicklinks">
......
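Review bot: The inline `style="border-width:0"` kept on the new `<img>` conflicts with the policy this commit adds to the layout. That policy's `style-src 'self' fonts.googleapis.com` has no `'unsafe-inline'`, so a browser enforcing it will refuse the attribute and report a CSP violation. Rather than loosening the policy, drop the attribute and put the rule in the site stylesheet, e.g. `.copyright img { border-width: 0; }`. The licence link on the same line still points at `http://creativecommons.org/licenses/by-sa/4.0/`; switching it to `https://` avoids a cleartext hop. The surrounding container markup starts and ends outside this hunk.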