htaccess.txt
# RENAME THIS TO .htaccess

# Compress text-based responses on the fly when mod_deflate is loaded.
# NOTE(review): compressing responses that carry a secret next to
# request-reflected data is the precondition for BREACH-style length side
# channels over TLS; confirm that no text/html served from here does that.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/csv text/javascript
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
</IfModule>
# Tag requests by their User-Agent header (case-insensitive match).
# The first rule sets noUserAgent when the header value is empty; the second
# sets badUserAgent to the matched name for a fixed list of crawler/scanner
# strings.
# NOTE(review): noUserAgent is set here but no directive in this file denies
# on it, so empty User-Agents are still served.
SetEnvIfNoCase User-Agent ^$ noUserAgent
SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) badUserAgent=$1
# Refuse tagged requests. The <limit> wrapper applies the rule only to the
# listed methods, so a tagged client using any other method is not covered;
# apply the deny outside <limit> if it should hold for every method.
# The User-Agent is client-supplied, so treat this as crawler noise reduction,
# not as an access control.
# NOTE(review): Order/Allow/Deny is the Apache 2.2 access syntax; on 2.4 it
# needs mod_access_compat -- confirm against the deployed server.
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=badUserAgent
</limit>
# MIME types: script files (including .ts sources) are served as JavaScript,
# and .wasm as application/wasm, the type browsers expect for WebAssembly.
# NOTE(review): the .ts mapping applies to every .ts file under this
# directory, whatever it actually contains -- confirm that is intended.
AddType text/javascript .js .ts .mjs .cjs
AddType application/wasm wasm
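# Response headers, then (nested) the HTTPS redirect and the URL rewrites.
# Everything down to the final </IfModule> is skipped when mod_headers is not
# loaded. The mod_rewrite section sits inside this block, so the HTTPS
# redirect also depends on mod_headers being available.
# NOTE(review): nothing in this file sets X-Content-Type-Options; consider
# "nosniff" alongside the AddType mappings.
<IfModule mod_headers.c>
    # COEP require-corp plus COOP same-origin opt the pages into cross-origin
    # isolation; CORP cross-origin lets any other origin embed these responses.
    Header set Cross-Origin-Embedder-Policy "require-corp"
    Header set Cross-Origin-Opener-Policy "same-origin"
    Header set Cross-Origin-Resource-Policy: "cross-origin"
    #Header set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"

    # "origin" sends the site origin (no path) as referrer on every request,
    # including to plain-HTTP destinations.
    # NOTE(review): "strict-origin" would withhold it on HTTPS -> HTTP downgrades.
    Header set Referrer-Policy: "origin"

    # Reporting-Endpoints is a structured-field dictionary whose endpoint URLs
    # must be quoted strings. The inner quotes are escaped so that they reach
    # the client; without them the value is sent as a bare token and the
    # "devnull" group used by the CSP report-to directive below is never
    # registered.
    Header set Reporting-Endpoints: "devnull=\"https://papeg.ai/devnull.php\""
    #Header set Access-Control-Allow-Origin "*"

    # Disable caching for every response ("always" also covers error responses).
    Header always set Cache-Control "no-cache, no-store, must-revalidate"
    Header always set Pragma "no-cache"
    Header always set Expires 0

    # HSTS is sent only when the HTTPS environment variable is set.
    # includeSubDomains + preload commit every subdomain to HTTPS for a year;
    # confirm that all of them serve TLS before relying on preload.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
    #Header always set Permissions-Policy: interest-cohort=()

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteBase /
        Options +FollowSymLinks
        Options -Indexes
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>

        # Force HTTPS. The redirect target is built from the request's Host header.
        # NOTE(review): if a shared cache or proxy sits in front of this server,
        # consider redirecting to a fixed canonical host name instead.
        RewriteCond %{HTTPS} !=on
        RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

        # NC = case insensitive
        # R = temporary redirect to new URL
        # R=301 = permanent redirect to new URL
        # QSA = append query string from request to substituted URL

        # TODO Not sure that this makes sense. Wouldn't this just allow those sites to load files from this one?
        # Review answer: no. A Content-Security-Policy restricts what pages served
        # from here may load; which other sites may load files from this one is
        # governed by Cross-Origin-Resource-Policy and Access-Control-Allow-Origin.
        # As written, the matched Origin is appended after "report-to devnull", so
        # it does not land in any source list.
        # The CSP is sent only when the request carries an Origin header matching
        # the list (env=CORS); requests without one get no CSP from this file.
        # NOTE(review): the pattern has no leading ^, accepts plain http, and
        # (.+\.)? accepts any subdomain depth. Because the whole match is echoed
        # into a response header, anchoring and tightening it is worth considering.
        # NOTE(review): default-src * together with 'unsafe-inline', 'unsafe-eval',
        # data: and blob: in script-src means this policy does not stop injected
        # inline script; its practical effect is base-uri and reporting.
        SetEnvIf Origin "http(s)?://(.+\.)?(localhost|localhostje\.dd|papeg\.ai|papegai\.eu|hf\.co|huggingface\.co|github\.com|jsdelivr\.net)(:\d{1,5})?$" CORS=$0
        Header add Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'inline-speculation-rules' data: blob: ; base-uri 'self' ; report-uri https://papeg.ai/devnull.php ; report-to devnull %{CORS}e" env=CORS
        Header merge Vary "Origin"

        # Pretty-URL rewrites into index.html query parameters.
        # NOTE(review): RewriteCond lines bind only to the single RewriteRule that
        # follows them, so these four conditions guard just the first "?file="
        # rule. The remaining rules also run for existing files and directories;
        # repeat the conditions before each rule if they were meant to apply to all.
        # NOTE(review): RewriteRule patterns are matched against the URL path, not
        # the query string, so "\?" only matches a literal question mark in the path.
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_URI} !index.html
        RewriteCond %{REQUEST_URI} !cors_fetch
        # not sure what is causing this behaviour in the first place
        # (comments are kept on their own lines: Apache has no end-of-line comment syntax)
        RewriteRule ^\?file=https://papeg.ai/$ / [NC,R=301]
        RewriteRule ^\?file=https://papegai.eu/$ / [NC,R=301]

        # The next three rules copy an http(s) URL taken from the request path into
        # the ai= / file= parameter. That value is attacker-controllable, so
        # whatever consumes these parameters must treat them as untrusted input.
        RewriteRule ^\??(http[0-9A-Za-z@%_\-\.\:\/]+.gguf) /index.html?ai=$1 [NC,R=301,QSA,L]
        # Example: /describe/https://www.example.org/image.jpg
        RewriteRule ^\??([0-9A-Za-z_]+)\/(http[0-9A-Za-z@%_\-\.\:\/]+) /index.html?do=$1&file=$2 [NC,R=301,QSA,L]
        RewriteRule ^\??(http[0-9A-Za-z@%_\-\.\:\/]+) /index.html?file=$1 [NC,R=301,QSA,L]
        RewriteRule ^\??([0-9A-Za-z_]+)$ /index.html?do=$1 [NC,R=301,L]
    </IfModule>
</IfModule>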