smeserver/smeserver-apache
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme

Browse Source 
- fix OCSP Stapling support [SME: 12819]
- fix .well-known/security.txt [SME: 12818]
- add X-Permitted-Cross-Domain-Policies header [SME: 12857]
- add  Cross-Origin headers [SME: 12856]
- add Permissions-Policy header [SME: 12855]
This commit is contained in:
Jean-Philippe Pialasse
2025-01-02 00:13:14 -05:00
parent aecee0e087
commit 1bfad8c651
6 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL36SSLStapling
View File

@@ -1,2 +1,2 @@
SSLUseStapling On
SSLStaplingCache dbm:/run/httpd/ssl_stapling(32768)
SSLStaplingCache dbm:/run/httpd/ssl_stapling

1
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Cross-Domain Normal file
View File

@@ -0,0 +1 @@
header setifempty X-Permitted-Cross-Domain-Policies "none"

5
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Cross-Origin Normal file
View File

@@ -0,0 +1,5 @@
Header setifempty Cross-Origin-Embedder-Policy "unsafe-none; report-to='default'"
Header setifempty Cross-Origin-Embedder-Policy-Report-Only "unsafe-none; report-to='default'"
Header setifempty Cross-Origin-Opener-Policy "unsafe-none"
Header setifempty Cross-Origin-Opener-Policy-Report-Only "unsafe-none; report-to='default'"
Header setifempty Cross-Origin-Resource-Policy "same-site"

1
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Permissions-Policy Normal file
View File

@@ -0,0 +1 @@
Header setifempty Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"

2
root/etc/e-smith/templates/var/www/html/.well-known/security.txt/20encryption
View File

@@ -4,5 +4,5 @@ Encryption: {
# Encryption: https://example.com/pgp-key.txt
# Encryption: dns:5d2d37ab76d47d36._openpgpkey.example.com?type=OPENPGPKEY
# Encryption: openpgp4fpr:5f2de5521c63a801ab59ccb603d49de44b29100f
${'httpd-e-smith'}{'SecurityEncryption'}||'none'}
${'httpd-e-smith'}{'SecurityEncryption'}||'openpgp4fpr:'}

9
smeserver-apache.spec
View File

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - apache module
%define name smeserver-apache
Name: %{name}
%define version 11.0.0
%define release 11
%define release 12
Version: %{version}
Release: %{release}%{?dist}
License: GPL
@@ -74,6 +74,13 @@ if [ $1 -gt 1 ] ; then
fi
%changelog
* Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
- fix OCSP Stapling support [SME: 12819]
- fix .well-known/security.txt [SME: 12818]
- add X-Permitted-Cross-Domain-Policies header [SME: 12857]
- add Cross-Origin headers [SME: 12856]
- add Permissions-Policy header [SME: 12855]
* Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
- add X-Content-Type-Options nosniff [SME: 12835]
- add Strict Transport Security support HSTS [SME: 12815]