Léo Colombaro
f6e5a123e2
Improve security headers documentation
...
Refresh and reorder links
2021-06-14 12:38:26 +02:00
Léo Colombaro
836467c8b5
Drop `X-XSS-Protection` header usage as per its deprecation
...
Ref https://github.com/h5bp/server-configs-apache/pull/253
Ref https://github.com/h5bp/server-configs-apache/issues/198
Closes https://github.com/h5bp/server-configs-nginx/pull/260
2021-06-14 01:14:22 +02:00
Julio
501444ab43
Improve `X-Frame-Options` documentation ( #277 )
...
Co-authored-by: Léo Colombaro <git@colombaro.fr>
2021-06-13 23:30:25 +02:00
Pete Cooper
654f1aa49c
minor presentational fixes
2020-12-29 20:55:50 +01:00
Léo Colombaro
abcf858614
Assorted grammar and link fixes
2020-04-14 11:54:27 +02:00
Vincent Herbet
d2f597235a
Do no use non-ASCII characters in loaded configs
...
I had an issue with Certbot (let's encrypt) which failed to reload nginx due to a non-ASCII character in a loaded config file.
E.g.: `Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: 'ascii' codec can't decode byte 0xe2 in position 762: ordinal not in range(128). Skipping.`
I found this character using `grep -r -P '[^\x00-\x7f]' /etc/nginx`.
2020-02-05 18:33:14 +01:00
Léo Colombaro
e0724b8149
Stricter default for Referrer Policy
...
Ref: https://github.com/h5bp/server-configs-apache/pull/204
2020-01-03 19:36:51 +01:00
Léo Colombaro
177a5e94a6
Improve HSTS documentation
...
Ref: https://github.com/h5bp/server-configs-apache/pull/196
2020-01-03 19:34:40 +01:00
Léo Colombaro
d7fc6c362d
Fix rebase artifacts
2019-05-16 00:16:59 +02:00
Pete Cooper
67c54c53f1
Documentation formatting and reviewing ( #232 )
...
No code changes, some config reordering
2019-05-15 23:20:10 +02:00
Léo Colombaro
0a6c880be0
Improve wording and file headers
2019-05-15 18:26:04 +02:00
Pete Cooper
e30032165c
Fix misc typos in comments ( #228 )
2019-05-14 19:02:21 +02:00
Léo Colombaro
276af8da7b
Improve default Content-Security-Policy value ( #224 )
...
See https://github.com/h5bp/server-configs-apache/pull/181
2019-03-26 12:41:15 +01:00
Léo Colombaro
f600128203
Add Referrer-Policy for html document by default
2019-02-13 14:31:53 +01:00
Léo Colombaro
6dd4cc27ed
Switch from location directives to maps based on MIME-types
...
* Expire
* X-XSS-Protection
* X-Frame-Options
* X-UA-Compatible
* Content-Security-Policy
* Access-Control-Allow-Origin
2019-02-10 21:56:10 +01:00
Léo Colombaro
10fc3a39a6
Split SSL config
...
Prepare #180
2018-11-29 10:39:33 +01:00
Léo Colombaro
496af1cfd5
Split directives to enforce atomic structure
...
* Enforce H5BP style
* Improve inline documentation to simplify maintenance
* Prepare v3
2018-11-23 17:19:51 +01:00