html5-starter 0.2.3b → 0.2.9b
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +2 -2
- data/stylesheets/_html5-boilerplate.scss +1 -11
- data/stylesheets/html5-boilerplate/_helpers.scss +10 -17
- data/stylesheets/html5-boilerplate/_normalize.scss +214 -0
- data/stylesheets/html5-boilerplate/_print.scss +5 -10
- data/templates/project/files/404.html +42 -38
- data/templates/project/files/crossdomain.xml +8 -8
- data/templates/project/files/gitattributes.txt +1 -0
- data/templates/project/files/gitignore.txt +8 -3
- data/templates/project/files/htaccess +215 -158
- data/templates/project/files/humans.txt +43 -43
- data/templates/project/files/robots.txt +4 -5
- data/templates/project/index.html +34 -47
- data/templates/project/javascripts/libs/{jquery-1.5.1.js → jquery-1.7.1.js} +3125 -2175
- data/templates/project/javascripts/libs/jquery-1.7.1.min.js +4 -0
- data/templates/project/javascripts/libs/modernizr-2.5.3.min.js +4 -0
- data/templates/project/javascripts/plugins.js +4 -8
- data/templates/project/javascripts/script.js +1 -19
- data/templates/project/manifest.rb +6 -24
- data/templates/project/partials/_boilerplate-defaults.scss +7 -11
- data/templates/project/style.scss +28 -51
- metadata +10 -30
- data/stylesheets/html5-boilerplate/_fonts.scss +0 -38
- data/stylesheets/html5-boilerplate/_handheld.scss +0 -8
- data/stylesheets/html5-boilerplate/_reset.scss +0 -48
- data/stylesheets/html5-boilerplate/_styles.scss +0 -84
- data/templates/project/files/build/build.xml +0 -821
- data/templates/project/files/build/buildinfo.properties +0 -5
- data/templates/project/files/build/config/buildinfo.properties +0 -5
- data/templates/project/files/build/config/default.properties +0 -80
- data/templates/project/files/build/config/project.properties +0 -56
- data/templates/project/files/build/createproject.sh +0 -50
- data/templates/project/files/build/runbuildscript.bat +0 -5
- data/templates/project/files/build/tools/ant-contrib-1.0b3.jar +0 -0
- data/templates/project/files/build/tools/htmlcompressor-1.1.jar +0 -0
- data/templates/project/files/build/tools/jpegtran.exe +0 -0
- data/templates/project/files/build/tools/optipng-0.6.4-exe/LICENSE.txt +0 -21
- data/templates/project/files/build/tools/optipng-0.6.4-exe/optipng.exe +0 -0
- data/templates/project/files/build/tools/yuicompressor-2.4.5.jar +0 -0
- data/templates/project/handheld.scss +0 -8
- data/templates/project/javascripts/libs/dd_belatedpng.js +0 -13
- data/templates/project/javascripts/libs/jquery-1.5.1.min.js +0 -16
- data/templates/project/javascripts/libs/modernizr-1.7.min.js +0 -2
- data/templates/project/javascripts/rails.js +0 -156
@@ -11,8 +11,8 @@
|
|
11
11
|
|
12
12
|
|
13
13
|
###
|
14
|
-
### If you run a webserver other than
|
15
|
-
### github.com/
|
14
|
+
### If you run a webserver other than Apache, consider:
|
15
|
+
### github.com/h5bp/server-configs
|
16
16
|
###
|
17
17
|
|
18
18
|
|
@@ -25,18 +25,12 @@
|
|
25
25
|
# github.com/rails/rails/commit/123eb25#commitcomment-118920
|
26
26
|
# Use ChromeFrame if it's installed for a better experience for the poor IE folk
|
27
27
|
|
28
|
-
<IfModule mod_setenvif.c>
|
29
|
-
<IfModule mod_headers.c>
|
30
|
-
BrowserMatch MSIE ie
|
31
|
-
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
|
32
|
-
</IfModule>
|
33
|
-
</IfModule>
|
34
|
-
|
35
28
|
<IfModule mod_headers.c>
|
36
|
-
|
37
|
-
#
|
38
|
-
|
39
|
-
|
29
|
+
Header set X-UA-Compatible "IE=Edge,chrome=1"
|
30
|
+
# mod_headers can't match by content-type, but we don't want to send this header on *everything*...
|
31
|
+
<FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|oex|xpi|safariextz|vcf)$" >
|
32
|
+
Header unset X-UA-Compatible
|
33
|
+
</FilesMatch>
|
40
34
|
</IfModule>
|
41
35
|
|
42
36
|
|
@@ -44,7 +38,7 @@
|
|
44
38
|
# Cross-domain AJAX requests
|
45
39
|
# ----------------------------------------------------------------------
|
46
40
|
|
47
|
-
# Serve cross-domain
|
41
|
+
# Serve cross-domain Ajax requests, disabled by default.
|
48
42
|
# enable-cors.org
|
49
43
|
# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
|
50
44
|
|
@@ -53,20 +47,40 @@
|
|
53
47
|
# </IfModule>
|
54
48
|
|
55
49
|
|
50
|
+
# ----------------------------------------------------------------------
|
51
|
+
# CORS-enabled images (@crossorigin)
|
52
|
+
# ----------------------------------------------------------------------
|
53
|
+
|
54
|
+
# Send CORS headers if browsers request them; enabled by default for images.
|
55
|
+
# developer.mozilla.org/en/CORS_Enabled_Image
|
56
|
+
# blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
|
57
|
+
# hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/
|
58
|
+
# wiki.mozilla.org/Security/Reviews/crossoriginAttribute
|
59
|
+
|
60
|
+
<IfModule mod_setenvif.c>
|
61
|
+
<IfModule mod_headers.c>
|
62
|
+
# mod_headers, y u no match by Content-Type?!
|
63
|
+
<FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
|
64
|
+
SetEnvIf Origin ":" IS_CORS
|
65
|
+
Header set Access-Control-Allow-Origin "*" env=IS_CORS
|
66
|
+
</FilesMatch>
|
67
|
+
</IfModule>
|
68
|
+
</IfModule>
|
69
|
+
|
56
70
|
|
57
71
|
# ----------------------------------------------------------------------
|
58
72
|
# Webfont access
|
59
73
|
# ----------------------------------------------------------------------
|
60
74
|
|
61
|
-
#
|
62
|
-
#
|
63
|
-
#
|
75
|
+
# Allow access from all domains for webfonts.
|
76
|
+
# Alternatively you could only whitelist your
|
77
|
+
# subdomains like "subdomain.example.com".
|
64
78
|
|
65
|
-
<
|
66
|
-
<
|
79
|
+
<IfModule mod_headers.c>
|
80
|
+
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
|
67
81
|
Header set Access-Control-Allow-Origin "*"
|
68
|
-
</
|
69
|
-
</
|
82
|
+
</FilesMatch>
|
83
|
+
</IfModule>
|
70
84
|
|
71
85
|
|
72
86
|
|
@@ -74,107 +88,135 @@
|
|
74
88
|
# Proper MIME type for all files
|
75
89
|
# ----------------------------------------------------------------------
|
76
90
|
|
77
|
-
|
91
|
+
|
92
|
+
# JavaScript
|
93
|
+
# Normalize to standard type (it's sniffed in IE anyways)
|
94
|
+
# tools.ietf.org/html/rfc4329#section-7.2
|
95
|
+
AddType application/javascript js
|
96
|
+
|
97
|
+
# Audio
|
78
98
|
AddType audio/ogg oga ogg
|
99
|
+
AddType audio/mp4 m4a
|
79
100
|
|
80
|
-
#
|
101
|
+
# Video
|
81
102
|
AddType video/ogg ogv
|
82
|
-
AddType video/mp4 mp4
|
103
|
+
AddType video/mp4 mp4 m4v
|
83
104
|
AddType video/webm webm
|
84
105
|
|
85
|
-
#
|
106
|
+
# SVG
|
107
|
+
# Required for svg webfonts on iPad
|
86
108
|
# twitter.com/FontSquirrel/status/14855840545
|
87
|
-
AddType image/svg+xml svg svgz
|
109
|
+
AddType image/svg+xml svg svgz
|
88
110
|
AddEncoding gzip svgz
|
89
|
-
|
90
|
-
#
|
111
|
+
|
112
|
+
# Webfonts
|
91
113
|
AddType application/vnd.ms-fontobject eot
|
92
|
-
AddType font
|
114
|
+
AddType application/x-font-ttf ttf ttc
|
93
115
|
AddType font/opentype otf
|
94
116
|
AddType application/x-font-woff woff
|
95
117
|
|
96
|
-
#
|
97
|
-
AddType image/x-icon
|
98
|
-
AddType image/webp
|
99
|
-
AddType text/cache-manifest
|
100
|
-
AddType text/x-component
|
101
|
-
AddType application/
|
102
|
-
AddType application/x-
|
103
|
-
AddType application/
|
118
|
+
# Assorted types
|
119
|
+
AddType image/x-icon ico
|
120
|
+
AddType image/webp webp
|
121
|
+
AddType text/cache-manifest appcache manifest
|
122
|
+
AddType text/x-component htc
|
123
|
+
AddType application/xml rss atom xml rdf
|
124
|
+
AddType application/x-chrome-extension crx
|
125
|
+
AddType application/x-opera-extension oex
|
126
|
+
AddType application/x-xpinstall xpi
|
127
|
+
AddType application/octet-stream safariextz
|
128
|
+
AddType application/x-web-app-manifest+json webapp
|
129
|
+
AddType text/x-vcard vcf
|
104
130
|
|
105
131
|
|
106
132
|
|
107
133
|
# ----------------------------------------------------------------------
|
108
|
-
# Allow concatenation from within specific js and css files
|
134
|
+
# Allow concatenation from within specific js and css files
|
109
135
|
# ----------------------------------------------------------------------
|
110
136
|
|
111
137
|
# e.g. Inside of script.combined.js you could have
|
112
138
|
# <!--#include file="libs/jquery-1.5.0.min.js" -->
|
113
139
|
# <!--#include file="plugins/jquery.idletimer.js" -->
|
114
|
-
# and they would be included into this single file
|
140
|
+
# and they would be included into this single file.
|
115
141
|
|
116
|
-
#
|
117
|
-
#
|
118
|
-
#
|
142
|
+
# This is not in use in the boilerplate as it stands. You may
|
143
|
+
# choose to name your files in this way for this advantage or
|
144
|
+
# concatenate and minify them manually.
|
119
145
|
# Disabled by default.
|
120
146
|
|
121
|
-
|
122
|
-
#
|
123
|
-
#
|
124
|
-
#
|
125
|
-
|
147
|
+
#<FilesMatch "\.combined\.js$">
|
148
|
+
# Options +Includes
|
149
|
+
# AddOutputFilterByType INCLUDES application/javascript application/json
|
150
|
+
# SetOutputFilter INCLUDES
|
151
|
+
#</FilesMatch>
|
152
|
+
#<FilesMatch "\.combined\.css$">
|
153
|
+
# Options +Includes
|
154
|
+
# AddOutputFilterByType INCLUDES text/css
|
155
|
+
# SetOutputFilter INCLUDES
|
156
|
+
#</FilesMatch>
|
126
157
|
|
127
158
|
|
128
159
|
# ----------------------------------------------------------------------
|
129
|
-
#
|
160
|
+
# Gzip compression
|
130
161
|
# ----------------------------------------------------------------------
|
131
162
|
|
132
163
|
<IfModule mod_deflate.c>
|
133
164
|
|
165
|
+
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
|
166
|
+
<IfModule mod_setenvif.c>
|
167
|
+
<IfModule mod_headers.c>
|
168
|
+
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
169
|
+
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
170
|
+
</IfModule>
|
171
|
+
</IfModule>
|
134
172
|
|
135
|
-
#
|
136
|
-
<IfModule
|
137
|
-
|
138
|
-
|
139
|
-
|
173
|
+
# HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
|
174
|
+
<IfModule filter_module>
|
175
|
+
FilterDeclare COMPRESS
|
176
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html
|
177
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css
|
178
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain
|
179
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml
|
180
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component
|
181
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript
|
182
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json
|
183
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml
|
184
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml
|
185
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml
|
186
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml
|
187
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject
|
188
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml
|
189
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $image/x-icon
|
190
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf
|
191
|
+
FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype
|
192
|
+
FilterChain COMPRESS
|
193
|
+
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
|
140
194
|
</IfModule>
|
141
|
-
</IfModule>
|
142
|
-
# html, txt, css, js, json, xml, htc:
|
143
|
-
<IfModule filter_module>
|
144
|
-
FilterDeclare COMPRESS
|
145
|
-
FilterProvider COMPRESS DEFLATE resp=Content-Type /text/(html|css|javascript|plain|x(ml|-component))/
|
146
|
-
FilterProvider COMPRESS DEFLATE resp=Content-Type /application/(javascript|json|xml|x-javascript)/
|
147
|
-
FilterChain COMPRESS
|
148
|
-
FilterProtocol COMPRESS change=yes;byteranges=no
|
149
|
-
</IfModule>
|
150
195
|
|
151
|
-
<IfModule !mod_filter.c>
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
196
|
+
<IfModule !mod_filter.c>
|
197
|
+
# Legacy versions of Apache
|
198
|
+
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
|
199
|
+
AddOutputFilterByType DEFLATE application/javascript
|
200
|
+
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
|
201
|
+
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
|
202
|
+
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
|
203
|
+
</IfModule>
|
157
204
|
|
158
|
-
# webfonts and svg:
|
159
|
-
<FilesMatch "\.(ttf|otf|eot|svg)$" >
|
160
|
-
SetOutputFilter DEFLATE
|
161
|
-
</FilesMatch>
|
162
205
|
</IfModule>
|
163
206
|
|
164
207
|
|
165
|
-
|
166
208
|
# ----------------------------------------------------------------------
|
167
209
|
# Expires headers (for better cache control)
|
168
210
|
# ----------------------------------------------------------------------
|
169
211
|
|
170
|
-
#
|
171
|
-
#
|
212
|
+
# These are pretty far-future expires headers.
|
213
|
+
# They assume you control versioning with cachebusting query params like
|
172
214
|
# <script src="application.js?20100608">
|
173
|
-
#
|
215
|
+
# Additionally, consider that outdated proxies may miscache
|
174
216
|
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
|
175
217
|
|
176
|
-
#
|
177
|
-
# "access plus 1 week" or so
|
218
|
+
# If you don't use filenames to version, lower the CSS and JS to something like
|
219
|
+
# "access plus 1 week" or so.
|
178
220
|
|
179
221
|
<IfModule mod_expires.c>
|
180
222
|
ExpiresActive on
|
@@ -182,24 +224,25 @@ AddType application/octet-stream safariextz
|
|
182
224
|
# Perhaps better to whitelist expires rules? Perhaps.
|
183
225
|
ExpiresDefault "access plus 1 month"
|
184
226
|
|
185
|
-
# cache.appcache needs re-requests in FF 3.6 (
|
227
|
+
# cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
|
186
228
|
ExpiresByType text/cache-manifest "access plus 0 seconds"
|
187
229
|
|
188
|
-
#
|
230
|
+
# Your document html
|
189
231
|
ExpiresByType text/html "access plus 0 seconds"
|
190
|
-
|
191
|
-
#
|
232
|
+
|
233
|
+
# Data
|
192
234
|
ExpiresByType text/xml "access plus 0 seconds"
|
193
235
|
ExpiresByType application/xml "access plus 0 seconds"
|
194
236
|
ExpiresByType application/json "access plus 0 seconds"
|
195
237
|
|
196
|
-
#
|
238
|
+
# Feed
|
197
239
|
ExpiresByType application/rss+xml "access plus 1 hour"
|
240
|
+
ExpiresByType application/atom+xml "access plus 1 hour"
|
198
241
|
|
199
|
-
#
|
200
|
-
ExpiresByType image/x-icon "access plus 1 week"
|
242
|
+
# Favicon (cannot be renamed)
|
243
|
+
ExpiresByType image/x-icon "access plus 1 week"
|
201
244
|
|
202
|
-
#
|
245
|
+
# Media: images, video, audio
|
203
246
|
ExpiresByType image/gif "access plus 1 month"
|
204
247
|
ExpiresByType image/png "access plus 1 month"
|
205
248
|
ExpiresByType image/jpg "access plus 1 month"
|
@@ -208,26 +251,21 @@ AddType application/octet-stream safariextz
|
|
208
251
|
ExpiresByType audio/ogg "access plus 1 month"
|
209
252
|
ExpiresByType video/mp4 "access plus 1 month"
|
210
253
|
ExpiresByType video/webm "access plus 1 month"
|
211
|
-
|
212
|
-
#
|
254
|
+
|
255
|
+
# HTC files (css3pie)
|
213
256
|
ExpiresByType text/x-component "access plus 1 month"
|
214
|
-
|
215
|
-
#
|
216
|
-
ExpiresByType font
|
257
|
+
|
258
|
+
# Webfonts
|
259
|
+
ExpiresByType application/x-font-ttf "access plus 1 month"
|
217
260
|
ExpiresByType font/opentype "access plus 1 month"
|
218
261
|
ExpiresByType application/x-font-woff "access plus 1 month"
|
219
262
|
ExpiresByType image/svg+xml "access plus 1 month"
|
220
263
|
ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
|
221
|
-
|
222
|
-
#
|
223
|
-
ExpiresByType text/css "access plus
|
224
|
-
ExpiresByType application/javascript "access plus
|
225
|
-
|
226
|
-
|
227
|
-
<IfModule mod_headers.c>
|
228
|
-
Header append Cache-Control "public"
|
229
|
-
</IfModule>
|
230
|
-
|
264
|
+
|
265
|
+
# CSS and JavaScript
|
266
|
+
ExpiresByType text/css "access plus 1 year"
|
267
|
+
ExpiresByType application/javascript "access plus 1 year"
|
268
|
+
|
231
269
|
</IfModule>
|
232
270
|
|
233
271
|
|
@@ -236,6 +274,11 @@ AddType application/octet-stream safariextz
|
|
236
274
|
# ETag removal
|
237
275
|
# ----------------------------------------------------------------------
|
238
276
|
|
277
|
+
# FileETag None is not enough for every server.
|
278
|
+
<IfModule mod_headers.c>
|
279
|
+
Header unset ETag
|
280
|
+
</IfModule>
|
281
|
+
|
239
282
|
# Since we're sending far-future expires, we don't need ETags for
|
240
283
|
# static content.
|
241
284
|
# developer.yahoo.com/performance/rules.html#etags
|
@@ -266,9 +309,7 @@ FileETag None
|
|
266
309
|
# If needed, uncomment and specify a path or regex in the Location directive
|
267
310
|
|
268
311
|
# <IfModule mod_headers.c>
|
269
|
-
#
|
270
|
-
# Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
|
271
|
-
# </Location>
|
312
|
+
# Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
|
272
313
|
# </IfModule>
|
273
314
|
|
274
315
|
|
@@ -278,8 +319,10 @@ FileETag None
|
|
278
319
|
# ----------------------------------------------------------------------
|
279
320
|
|
280
321
|
# Turning on the rewrite engine is necessary for the following rules and features.
|
322
|
+
# FollowSymLinks must be enabled for this to work.
|
281
323
|
|
282
324
|
<IfModule mod_rewrite.c>
|
325
|
+
Options +FollowSymlinks
|
283
326
|
RewriteEngine On
|
284
327
|
</IfModule>
|
285
328
|
|
@@ -303,65 +346,29 @@ FileETag None
|
|
303
346
|
# ----------------------------------------------------------------------
|
304
347
|
|
305
348
|
# Option 1:
|
306
|
-
# Rewrite "www.
|
349
|
+
# Rewrite "www.example.com -> example.com"
|
307
350
|
|
308
351
|
<IfModule mod_rewrite.c>
|
309
352
|
RewriteCond %{HTTPS} !=on
|
310
353
|
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
|
311
|
-
RewriteRule ^
|
354
|
+
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
|
312
355
|
</IfModule>
|
313
356
|
|
314
357
|
# ----------------------------------------------------------------------
|
315
358
|
|
316
359
|
# Option 2:
|
317
|
-
# To rewrite "
|
360
|
+
# To rewrite "example.com -> www.example.com" uncomment the following lines.
|
318
361
|
# Be aware that the following rule might not be a good idea if you
|
319
362
|
# use "real" subdomains for certain parts of your website.
|
320
363
|
|
321
364
|
# <IfModule mod_rewrite.c>
|
322
365
|
# RewriteCond %{HTTPS} !=on
|
323
366
|
# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
|
324
|
-
#
|
325
|
-
# RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
|
367
|
+
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
326
368
|
# </IfModule>
|
327
369
|
|
328
370
|
|
329
371
|
|
330
|
-
# ----------------------------------------------------------------------
|
331
|
-
# Add/remove trailing slash to (non-file) URLs
|
332
|
-
# ----------------------------------------------------------------------
|
333
|
-
|
334
|
-
# Google treats URLs with and without trailing slashes separately.
|
335
|
-
# Forcing a trailing slash is usually preferred, but all that's really
|
336
|
-
# important is that one correctly redirects to the other.
|
337
|
-
|
338
|
-
# By default option 1 (force trailing slash) is activated.
|
339
|
-
# http://googlewebmastercentral.blogspot.com/2010/04/to-slash-or-not-to-slash.html
|
340
|
-
# http://www.alistapart.com/articles/slashforward/
|
341
|
-
# http://httpd.apache.org/docs/2.0/misc/rewriteguide.html#url Trailing Slash Problem
|
342
|
-
|
343
|
-
# ----------------------------------------------------------------------
|
344
|
-
|
345
|
-
# Option 1:
|
346
|
-
# Rewrite "domain.com/foo -> domain.com/foo/"
|
347
|
-
|
348
|
-
<IfModule mod_rewrite.c>
|
349
|
-
RewriteCond %{REQUEST_FILENAME} !-f
|
350
|
-
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/|#(.*))$
|
351
|
-
RewriteRule ^(.*)$ /$1/ [R=301,L]
|
352
|
-
</IfModule>
|
353
|
-
|
354
|
-
# ----------------------------------------------------------------------
|
355
|
-
|
356
|
-
# Option 2:
|
357
|
-
# Rewrite "domain.com/foo/ -> domain.com/foo"
|
358
|
-
|
359
|
-
#<IfModule mod_rewrite.c>
|
360
|
-
# RewriteRule ^(.*)/$ /$1 [R=301,L]
|
361
|
-
#</IfModule>
|
362
|
-
|
363
|
-
|
364
|
-
|
365
372
|
# ----------------------------------------------------------------------
|
366
373
|
# Built-in filename-based cache busting
|
367
374
|
# ----------------------------------------------------------------------
|
@@ -371,7 +378,7 @@ FileETag None
|
|
371
378
|
# /css/style.20110203.css to /css/style.css
|
372
379
|
|
373
380
|
# To understand why this is important and a better idea than all.css?v1231,
|
374
|
-
# read: github.com/
|
381
|
+
# read: github.com/h5bp/html5-boilerplate/wiki/cachebusting
|
375
382
|
|
376
383
|
# Uncomment to enable.
|
377
384
|
# <IfModule mod_rewrite.c>
|
@@ -381,18 +388,18 @@ FileETag None
|
|
381
388
|
# </IfModule>
|
382
389
|
|
383
390
|
|
384
|
-
|
391
|
+
|
385
392
|
# ----------------------------------------------------------------------
|
386
393
|
# Prevent SSL cert warnings
|
387
394
|
# ----------------------------------------------------------------------
|
388
395
|
|
389
|
-
# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
|
390
|
-
# https://www.
|
396
|
+
# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
|
397
|
+
# https://www.example.com when your cert only allows https://secure.example.com
|
391
398
|
# Uncomment the following lines to use this feature.
|
392
399
|
|
393
400
|
# <IfModule mod_rewrite.c>
|
394
401
|
# RewriteCond %{SERVER_PORT} !^443
|
395
|
-
# RewriteRule
|
402
|
+
# RewriteRule ^ https://example-domain-please-change-me.com%{REQUEST_URI} [R=301,L]
|
396
403
|
# </IfModule>
|
397
404
|
|
398
405
|
|
@@ -401,15 +408,15 @@ FileETag None
|
|
401
408
|
# Prevent 404 errors for non-existing redirected folders
|
402
409
|
# ----------------------------------------------------------------------
|
403
410
|
|
404
|
-
# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
|
411
|
+
# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
|
405
412
|
# e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
|
406
413
|
|
407
|
-
Options -MultiViews
|
414
|
+
Options -MultiViews
|
408
415
|
|
409
416
|
|
410
417
|
|
411
418
|
# ----------------------------------------------------------------------
|
412
|
-
#
|
419
|
+
# Custom 404 page
|
413
420
|
# ----------------------------------------------------------------------
|
414
421
|
|
415
422
|
# You can add custom pages to handle 500 or 403 pretty easily, if you like.
|
@@ -421,11 +428,11 @@ ErrorDocument 404 /404.html
|
|
421
428
|
# UTF-8 encoding
|
422
429
|
# ----------------------------------------------------------------------
|
423
430
|
|
424
|
-
#
|
431
|
+
# Use UTF-8 encoding for anything served text/plain or text/html
|
425
432
|
AddDefaultCharset utf-8
|
426
433
|
|
427
|
-
#
|
428
|
-
AddCharset utf-8 .
|
434
|
+
# Force UTF-8 for a number of file formats
|
435
|
+
AddCharset utf-8 .css .js .xml .json .rss .atom
|
429
436
|
|
430
437
|
|
431
438
|
|
@@ -443,16 +450,30 @@ AddCharset utf-8 .html .css .js .xml .json .rss
|
|
443
450
|
# "-Indexes" will have Apache block users from browsing folders without a default document
|
444
451
|
# Usually you should leave this activated, because you shouldn't allow everybody to surf through
|
445
452
|
# every folder on your server (which includes rather private places like CMS system folders).
|
446
|
-
|
453
|
+
<IfModule mod_autoindex.c>
|
454
|
+
Options -Indexes
|
455
|
+
</IfModule>
|
447
456
|
|
448
457
|
|
449
458
|
# Block access to "hidden" directories whose names begin with a period. This
|
450
459
|
# includes directories used by version control systems such as Subversion or Git.
|
451
460
|
<IfModule mod_rewrite.c>
|
461
|
+
RewriteCond %{SCRIPT_FILENAME} -d
|
462
|
+
RewriteCond %{SCRIPT_FILENAME} -f
|
452
463
|
RewriteRule "(^|/)\." - [F]
|
453
464
|
</IfModule>
|
454
465
|
|
455
466
|
|
467
|
+
# Block access to backup and source files
|
468
|
+
# This files may be left by some text/html editors and
|
469
|
+
# pose a great security danger, when someone can access them
|
470
|
+
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
|
471
|
+
Order allow,deny
|
472
|
+
Deny from all
|
473
|
+
Satisfy All
|
474
|
+
</FilesMatch>
|
475
|
+
|
476
|
+
|
456
477
|
# If your server is not already configured as such, the following directive
|
457
478
|
# should be uncommented in order to set PHP's register_globals option to OFF.
|
458
479
|
# This closes a major security hole that is abused by most XSS (cross-site
|
@@ -470,9 +491,45 @@ Options -Indexes
|
|
470
491
|
|
471
492
|
# php_flag register_globals Off
|
472
493
|
|
494
|
+
# Rename session cookie to something else, than PHPSESSID
|
495
|
+
# php_value session.name sid
|
496
|
+
|
497
|
+
# Do not show you are using PHP
|
498
|
+
# Note: Move this line to php.ini since it won't work in .htaccess
|
499
|
+
# php_flag expose_php Off
|
500
|
+
|
501
|
+
# Level of log detail - log all errors
|
502
|
+
# php_value error_reporting -1
|
503
|
+
|
504
|
+
# Write errors to log file
|
505
|
+
# php_flag log_errors On
|
506
|
+
|
507
|
+
# Do not display errors in browser (production - Off, development - On)
|
508
|
+
# php_flag display_errors Off
|
509
|
+
|
510
|
+
# Do not display startup errors (production - Off, development - On)
|
511
|
+
# php_flag display_startup_errors Off
|
512
|
+
|
513
|
+
# Format errors in plain text
|
514
|
+
# Note: Leave this setting 'On' for xdebug's var_dump() output
|
515
|
+
# php_flag html_errors Off
|
516
|
+
|
517
|
+
# Show multiple occurrence of error
|
518
|
+
# php_flag ignore_repeated_errors Off
|
519
|
+
|
520
|
+
# Show same errors from different sources
|
521
|
+
# php_flag ignore_repeated_source Off
|
522
|
+
|
523
|
+
# Size limit for error messages
|
524
|
+
# php_value log_errors_max_len 1024
|
525
|
+
|
526
|
+
# Don't precede error with string (doesn't accept empty string, use whitespace if you need)
|
527
|
+
# php_value error_prepend_string " "
|
528
|
+
|
529
|
+
# Don't prepend to error (doesn't accept empty string, use whitespace if you need)
|
530
|
+
# php_value error_append_string " "
|
473
531
|
|
474
532
|
# Increase cookie security
|
475
533
|
<IfModule php5_module>
|
476
|
-
php_value session.cookie_httponly true
|
534
|
+
php_value session.cookie_httponly true
|
477
535
|
</IfModule>
|
478
|
-
|