Cleaned up some code, Replaced robots.txt & sitemap.txt with PHP code, Updated gitignore rules

Update .gitignore, .htaccess, and 11 more files...
2023-11-08 01:04:07 +01:00
parent f14b8d33a6
commit ebba159b43
13 changed files with 113 additions and 212 deletions
--- a/.htaccess
+++ b/.htaccess
@@ -1,41 +1,51 @@
-# Prevent access to .htaccess
+# Preventing access to .htaccess
 <Files ~ "^.*\.([Hh][Tt][Aa]|[Pp][Yy])">
    Require all denied
 </Files>

+
 # Redirecting HTTP traffic to HTTPS. (Keep commented on localhost !)
-# This is handled by other services, but it should still be enabled in production just to be safe.
+# This is handled by reverse-proxies, but it should still be enabled in production just to be safe.
 #RewriteEngine On
 #RewriteCond %{SERVER_PORT} 80
 #RewriteRule ^(.*)$ https://nibblepoker.lu/$1 [R,L]

+
 # Fixing some encoding issues on non-HTML files.
-# Mostly affects the old privacy policies written in french.
+# Mostly affects the old privacy policies written in french.  (Accents have issues in non-utf8 encodings !)
 AddCharset utf-8 .css .txt .js .md .ts .mjs
 #<Files ~ "\.txt?$">
 #    Header set Content-Type "text/plain; charset=utf-8"
 #</Files>
 #AddDefaultCharset utf-8

+
 # Adding MIME types
 AddType text/typescript .ts
 AddType text/javascript .js
 AddType text/javascript .mjs
 AddType application/wasm .wasm
+AddType video/x-matroska mkv
+

 # Correcting some default options for security and language/content redirection.
-# FollowSymlinks is also on since it's required for "mod_rewrite" and the server is jailed.
+# FollowSymlinks is also on since it's required for "mod_rewrite" and the server is jailed/containerized.
 Options -Indexes +FollowSymlinks -ExecCGI
+
+# Does nothing, thanks Apache...
 ServerSignature Off

+
 # Serving minified pages and/or pre-rendered ones first if available.
 DirectoryIndex index.min.html index.min.php index.php index.html

+
 # Custom error pages.
 ErrorDocument 403 /error.php
 ErrorDocument 404 /error.php

-# Setting up browser's caching rules
+
+# Setting up browser's caching rules.
 # See:
 #  * https://stackoverflow.com/a/13029007
 #  * https://www.a2hosting.com/kb/developer-corner/apache-web-server/turning-off-caching-using-htaccess
@@ -57,7 +67,9 @@ ErrorDocument 404 /error.php
 #Header set Pragma "no-cache"
 #Header set Expires 0

-# Setting up GZIP
+
+# Setting up GZIP.
+# It's optional since reverse-proxies or caching layers will usually do it for us.
 <ifModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
@@ -69,23 +81,32 @@ ErrorDocument 404 /error.php
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
 </ifModule>

-# # # Setting some headers for security.
-# # #Header always set X-Detected-Country "NK"
+
+# Setting some headers for security.
+# Will cause "fail-safe crashes" if the "headers" module isn't enabled.
 Header always set X-Frame-Options "deny"
-# # Header always set Content-Security-Policy "default-src 'self' files.nibblepoker.lu; img-src 'self' files.nibblepoker.lu data:; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content"
+# Header always set Content-Security-Policy "default-src 'self' files.nibblepoker.lu; img-src 'self' files.nibblepoker.lu data:; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content"
 Header always set X-XSS-Protection " 1; mode=block"
 Header always set Referrer-Policy "no-referrer"
 Header always set X-Content-Type-Options "nosniff"
 Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 #Header always set Cache-Control "max-age=300, public"
 Header always set Access-Control-Allow-Origin "*"
-Header unset X-Powered-By
-#Header always set X-Powered-By "Amiga 1200, Kickstart 3.1"
 Header always set Permissions-Policy "browsing-topics=(), interest-cohort=()"

+# Removing some headers since they often raise BS alarms about too much back-end info being sent to clients.
+# Note: These headers can actually be removed by most reverse-proxies.
+Header unset X-Powered-By
+
+
 # Handling all other redirections.
+# Will cause "fail-safe crashes" if the "rewrite" module isn't enabled.
 RewriteEngine On

-# Languages. (Does not work with a regex)
-RewriteRule ^en/(.*)$ /$1 [QSA]
-RewriteRule ^fr/(.*)$ /$1 [QSA]
+# Serving normal pages when a specific language key is at the beginning of the requested path.
+# We use a regex to match all supported languages and use the 3rd ground, `(.*)` as `$3`, as the "real" path.
+RewriteRule ^((en|fr)/)(.*)$ /$3 [QSA]
+
+# Handling requests for "robots.txt" and "sitemap.txt" via PHP.
+RewriteRule ^(en/|fr/)?robots.txt$ robots.php [L]
+RewriteRule ^(en/|fr/)?sitemap.txt$ sitemap.php [L]