Léo Colombaro
4a40f258a2
Use latest server-configs-test and align requirements
2021-06-29 00:54:40 +02:00
Léo Colombaro
25a569d97d
Add Cross Origin Policies headers
...
Ref https://github.com/h5bp/server-configs-apache/issues/250
2021-06-28 14:46:32 +02:00
Léo Colombaro
36310b927b
Add `Permissions-Policy` header
...
Ref https://github.com/h5bp/server-configs-apache/issues/179
2021-06-28 14:43:00 +02:00
Phil Wareham
b9ef881d62
Add JPEG XL `image/jxl` MIME type ( #274 )
2021-06-24 16:41:52 +02:00
Léo Colombaro
db79ae491f
Fix documentation wording
2021-06-14 20:21:21 +02:00
Léo Colombaro
688348a5fd
Modernize TLS configuration
2021-06-14 15:24:52 +02:00
Léo Colombaro
f6e5a123e2
Improve security headers documentation
...
Refresh and reorder links
2021-06-14 12:38:26 +02:00
Léo Colombaro
f239e2d043
Clean up IE reference
2021-06-14 01:14:22 +02:00
Léo Colombaro
836467c8b5
Drop `X-XSS-Protection` header usage as per its deprecation
...
Ref https://github.com/h5bp/server-configs-apache/pull/253
Ref https://github.com/h5bp/server-configs-apache/issues/198
Closes https://github.com/h5bp/server-configs-nginx/pull/260
2021-06-14 01:14:22 +02:00
Léo Colombaro
4556277ced
Drop `X-UA-Compatible` header usage as per IE deprecation
...
Ref https://github.com/h5bp/server-configs-apache/issues/210
Ref https://github.com/h5bp/server-configs-apache/issues/182
2021-06-14 01:14:22 +02:00
Julio
501444ab43
Improve `X-Frame-Options` documentation ( #277 )
...
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2021-06-13 23:30:25 +02:00
Léo Colombaro
a9aea7038c
Add mime-type `image/avif` and `image/avifs`
2021-01-05 10:49:47 +01:00
franz-josef-kaiser
d7f6fa09d3
docs: Correct reference to weaker policy in doc block.
2020-12-30 00:09:53 +01:00
Pete Cooper
654f1aa49c
minor presentational fixes
2020-12-29 20:55:50 +01:00
Léo Colombaro
f0b3fd25ce
Improve writing
...
[ci skip]
2020-12-29 18:22:16 +01:00
Léo Colombaro
abcf858614
Assorted grammar and link fixes
2020-04-14 11:54:27 +02:00
Léo Colombaro
98de990c1c
Add expandable policies to SVGZ
2020-04-13 14:44:29 +02:00
Vincent Herbet
d2f597235a
Do no use non-ASCII characters in loaded configs
...
I had an issue with Certbot (let's encrypt) which failed to reload nginx due to a non-ASCII character in a loaded config file.
E.g.: `Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: 'ascii' codec can't decode byte 0xe2 in position 762: ordinal not in range(128). Skipping.`
I found this character using `grep -r -P '[^\x00-\x7f]' /etc/nginx`.
2020-02-05 18:33:14 +01:00
Léo Colombaro
28cb47df42
Rename no-transform.conf file to content_transformation.conf
...
Align with other files and with Apache struct
2020-01-04 18:06:00 +01:00
Léo Colombaro
e0724b8149
Stricter default for Referrer Policy
...
Ref: https://github.com/h5bp/server-configs-apache/pull/204
2020-01-03 19:36:51 +01:00
Léo Colombaro
177a5e94a6
Improve HSTS documentation
...
Ref: https://github.com/h5bp/server-configs-apache/pull/196
2020-01-03 19:34:40 +01:00
minusf
7a44fdf69f
Add `font/ttf` & `font/eot` to compressible mime-types list ( #242 )
...
Ref:
* jshttp/mime-db#169
* developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/webfont-optimization#reducing_font_size_with_compression
2019-10-25 10:59:10 +01:00
Rahil
0af305283f
Fixed description for SSL session cache & timeout ( #237 )
2019-09-08 00:46:31 +02:00
Jogendra Kumar
6d1a9d46e6
Additional compression method added for gzip ( #236 )
2019-08-12 21:21:20 +02:00
Pete Cooper
a1a746a347
Switch tertiary DNS used for OCSP checking to OpenDNS ( #235 )
...
Oracle is shutting down Dyn DNS in 2020.
2019-06-26 00:12:26 +02:00
Léo Colombaro
bc39e4c07d
Revert "Drop Cache-Control: no-transform usage"
...
This partially reverts commit 282d979a
Ref https://github.com/h5bp/server-configs-apache/issues/185
2019-06-06 00:46:47 +02:00
Léo Colombaro
8db768bd61
Pre-compressed content usage config files
...
Closes #231
2019-05-16 22:57:57 +02:00
Léo Colombaro
d7fc6c362d
Fix rebase artifacts
2019-05-16 00:16:59 +02:00
Pete Cooper
67c54c53f1
Documentation formatting and reviewing ( #232 )
...
No code changes, some config reordering
2019-05-15 23:20:10 +02:00
Léo Colombaro
c73d1efb60
Fix 304 responses Cache-control override
...
Fix #230
2019-05-15 21:07:50 +02:00
Léo Colombaro
7418b5023b
Fix dropped Cache-Control: no-transform usage for SVGZ Compression
2019-05-15 19:02:13 +02:00
Léo Colombaro
0a6c880be0
Improve wording and file headers
2019-05-15 18:26:04 +02:00
Léo Colombaro
282d979af4
Drop Cache-Control: no-transform usage
...
Obsoleted with secure servers
See https://github.com/h5bp/server-configs-apache/issues/185
2019-05-15 18:24:30 +02:00
Pete Cooper
28874c33f0
Add Google Public DNS IPv6 and Cloudflare DNS IP addresses to `resolver` ( #229 )
...
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2019-05-15 02:07:47 +02:00
Pete Cooper
e30032165c
Fix misc typos in comments ( #228 )
2019-05-14 19:02:21 +02:00
Léo Colombaro
276af8da7b
Improve default Content-Security-Policy value ( #224 )
...
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro
d186781282
Update `ngx_pagespeed` docs link
2019-03-24 22:21:07 +01:00
Léo Colombaro
29ff09ac95
Remove CSP from basic.conf includes
...
Too strong for general purposes.
Closes #222
2019-03-15 18:58:47 +01:00
Léo Colombaro
cec616a103
SVGZ files are already compressed
...
Disable gzip function for them
Regression d2f4e5c68f
2019-03-09 15:08:44 +01:00
Léo Colombaro
3b0c4c41df
Fix regexp expressions in mime-types maps
2019-03-09 13:45:33 +01:00
Léo Colombaro
06e5fc8445
Remove extra match-any regexp
2019-03-09 02:41:29 +01:00
Mark Woon
d65cd97761
Use regexp in MIME-types based maps ( #221 )
...
Fix #220
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2019-03-09 02:34:15 +01:00
Léo Colombaro
50a6d793ce
Remove duplicated .conf in include
2019-02-13 14:45:52 +01:00
Léo Colombaro
f600128203
Add Referrer-Policy for html document by default
2019-02-13 14:31:53 +01:00
Léo Colombaro
51f5ffab82
Clean up and prepare docs for v3
2019-02-12 12:25:30 +01:00
Léo Colombaro
283b292c5e
Add default recommended headers
...
Since no more location directive is used, making these header
available everywhere is possible without breaking servers.
2019-02-10 22:20:05 +01:00
Léo Colombaro
a4c9e2da8e
Better default certificates folder
...
Mapped as Docker Nginx image
2019-02-10 22:13:25 +01:00
Léo Colombaro
6dd4cc27ed
Switch from location directives to maps based on MIME-types
...
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro
2d135053cb
Move MIME-type and charset declaration into their own conf files
2019-02-10 20:40:50 +01:00
Léo Colombaro
452b630330
Update gzipped MIME-type following web standard
...
Source https://github.com/jshttp/mime-db
2019-02-10 20:38:23 +01:00