mirror of
https://codeberg.org/PostERG/xamxam.git
synced 2026-05-06 19:19:19 +02:00
Fixed multiple issues in admin panel: 1. CSS path: modern-normalize.css → modern-normalize.min.css (File is actually named .min.css) 2. Icon path: assets/icon.svg → /assets/admin_favicon.svg (Was relative, now absolute; correct filename) 3. Navigation: /admin/list.php → /admin/ (list.php was renamed to index.php) 4. Short PHP tags: <? → <?php (Better compatibility, some servers don't enable short_open_tag) 5. Quirks mode warning was due to CSS not loading, not DOCTYPE (DOCTYPE was already present) Files modified: - public/admin/inc/head.php (main fixes) - public/admin/index.php (short tags) - public/admin/add.php (short tags) - public/admin/import.php (short tags) Need to redeploy for production: just deploy
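# Security headers
# These apply only when mod_headers is loaded. Without it the block is skipped
# silently, so verify the headers on a deployed response.
<IfModule mod_headers.c>
    # Prevent clickjacking (legacy header; frame-ancestors in the CSP below
    # states the same same-origin policy for current browsers)
    Header always set X-Frame-Options "SAMEORIGIN"

    # Prevent MIME type sniffing
    Header always set X-Content-Type-Options "nosniff"

    # Disable the legacy browser XSS filter. Current browsers have removed it,
    # and in older ones "1; mode=block" could itself be abused, so "0" is the
    # recommended value. The CSP below is the actual XSS mitigation.
    Header always set X-XSS-Protection "0"

    # Referrer policy
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Content Security Policy (adjust as needed)
    # - style-src 'unsafe-inline' permits inline styles; drop it once the
    #   templates no longer use style attributes or <style> blocks.
    # - frame-ancestors does not fall back to default-src, so it is set
    #   explicitly to match X-Frame-Options above.
    # - base-uri and form-action do not fall back to default-src either;
    #   consider adding them after checking what the pages actually use.
    Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self';"
</IfModule>

# Prevent directory listing
Options -Indexes

# Protect sensitive files
# FilesMatch tests only the final file name, so this covers dotfiles such as
# .htaccess or .env but not files inside a dot-directory.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Deny any path that contains a dot-directory or dotfile segment (for example
# a VCS metadata directory that ended up in the web root). /.well-known/ stays
# reachable because it is used for certificate and policy discovery.
<IfModule mod_alias.c>
    RedirectMatch 404 "/\.(?!well-known/)"
</IfModule>

<FilesMatch "(composer\.(json|lock)|error\.log)$">
    Require all denied
</FilesMatch>

# PHP security settings (if .htaccess can override)
# This block takes effect only when PHP runs as the Apache module and the module
# file is named mod_php.c (PHP 8). PHP 7 registers as mod_php7.c, and PHP-FPM/CGI
# ignores php_flag/php_value entirely. In those setups display_errors must be
# turned off in php.ini or .user.ini instead.
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
    # Relative path: confirm where PHP actually writes this file. The FilesMatch
    # rule above blocks HTTP access only to a file named error.log; a log kept
    # outside the document root avoids depending on that rule.
    php_value error_log error.log
</IfModule>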