This repository has been archived by the owner on May 3, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 94
/
.htaccess
32 lines (29 loc) · 1.6 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
Options -Indexes
# ---
# Uncomment these lines to change PHP parameters if you are using the PHP Apache module
# ---
#<IfModule mod_php5.c>
# php_value max_execution_time 200
# php_value post_max_size 200M
# php_value upload_max_size 200M
# php_value upload_max_filesize 20M
# php_value max_file_uploads 100
#</IfModule>
<IfModule mod_php7.c>
php_value max_execution_time 200
php_value post_max_size 500M
php_value upload_max_filesize 500M
php_value max_file_uploads 100
</IfModule>
# ---
# Uncomment these lines when you want to allow access to the Lychee API from different origins
# ---
#Header add Access-Control-Allow-Origin "*"
#Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
#Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
<IfModule mod_headers.c>
# Here we set CSP for Lychee. The first option is fairly forgiving. The second is stricter, but *should* still work.
# Additionally, you may wish to set up a report-uri.
Header set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.dropbox.com; connect-src 'self' https://lycheeorg.github.io; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content;"
# Header set Content-Security-Policy "default-src 'none'; style-src 'self'; script-src 'self' https://www.dropbox.com; connect-src 'self' https://lycheeorg.github.io; img-src 'self'; media-src 'self'; prefetch-src 'self'; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content;"
</IfModule>