Major refactor

- update the structure to have monolithic setup - updated deployments - added live-reloading for devops
2026-05-06 19:19:19 +02:00 · 2026-02-05 20:07:05 +01:00
parent f23fbb481b
commit d2b3c6ca67
75 changed files with 3359 additions and 3987 deletions
--- a/admin/.htaccess
+++ b/admin/.htaccess
@@ -0,0 +1,36 @@
+# Security headers
+<IfModule mod_headers.c>
+    # Prevent clickjacking
+    Header always set X-Frame-Options "SAMEORIGIN"
+
+    # Prevent MIME type sniffing
+    Header always set X-Content-Type-Options "nosniff"
+
+    # Enable XSS protection
+    Header always set X-XSS-Protection "1; mode=block"
+
+    # Referrer policy
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+
+    # Content Security Policy (adjust as needed)
+    Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;"
+</IfModule>
+
+# Prevent directory listing
+Options -Indexes
+
+# Protect sensitive files
+<FilesMatch "^\.">
+    Require all denied
+</FilesMatch>
+
+<FilesMatch "(composer\.(json|lock)|error\.log)$">
+    Require all denied
+</FilesMatch>
+
+# PHP security settings (if .htaccess can override)
+<IfModule mod_php.c>
+    php_flag display_errors Off
+    php_flag log_errors On
+    php_value error_log error.log
+</IfModule>