Created
July 30, 2015 13:25
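<?xml version="1.0" encoding="UTF-8"?>
<!--
  IIS web.config for a site whose front controller is index.cfm:
  clean URLs via URL Rewrite, plus a set of security response headers.
  The "..." placeholders are elisions from the original listing and must be
  replaced with real child elements (or removed) before IIS will load the file.
-->
<configuration>
  <system.webServer>
    <handlers>
      ...
    </handlers>
    <staticContent>
      ...
    </staticContent>
    <defaultDocument>
      <files>
        <add value="index.cfm" />
      </files>
    </defaultDocument>
    <rewrite>
      <rules>
        <!--
          Canonicalise: a request that still carries "index.cfm/" is redirected
          to the part after it. stopProcessing keeps the rewrite rule below from
          also running on this request; appendQueryString="false" drops the
          query string from the redirect.
          NOTE(review): the pattern is not anchored with ^, so it also matches
          "index.cfm/" deeper in the path. The redirect target is taken directly
          from the request path; confirm the captured value can only ever resolve
          to a location on this site.
        -->
        <rule name="Redirect index.cfm" stopProcessing="true">
          <match url="index\.cfm/(.*)" />
          <action type="Redirect" url="{R:1}" appendQueryString="false" />
        </rule>
        <!--
          Front controller: anything that is neither an existing file nor an
          existing directory is handed to index.cfm with the original path
          appended as path info.
        -->
        <rule name="Rewrite index.cfm">
          <match url="(.*)" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.cfm/{R:1}" />
        </rule>
      </rules>
    </rewrite>
    <httpProtocol>
      <customHeaders>
        <!-- Removes the X-Powered-By banner; this hides the stack name only and is not a control by itself. -->
        <remove name="X-Powered-By" />
        <!-- Framing is limited to same-origin pages; the CSP below repeats this as frame-ancestors 'self'. -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <!-- Legacy header: current Chromium-based browsers and Firefox do not implement the filter it controls, so the CSP is what matters. -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <add name="X-Permitted-Cross-Domain-Policies" value="master-only" />
        <!--
          Content-Security-Policy review notes:
          * script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does
            not stop injected inline script. Moving inline code to files (or to
            nonces/hashes) is needed before these keywords can be dropped.
          * http://stats.g.doubleclick.net is a cleartext source in script-src and
            img-src; prefer the https:// form once every page is served over HTTPS.
          * default-src does not govern frame-ancestors, base-uri or form-action.
            frame-ancestors 'self' has been added to match X-Frame-Options;
            base-uri and form-action are still unset and worth restricting.
          * frame-src permits data: documents and object-src permits same-origin
            plugins; confirm both are still required.
        -->
        <add name="Content-Security-Policy" value="default-src 'none'; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intercom.io https://*.intercomcdn.com https://www.google.com https://ajax.googleapis.com https://apis.google.com https://ssl.google-analytics.com https://www.google-analytics.com http://stats.g.doubleclick.net; img-src 'self' data: https://*.intercomcdn.com https://ssl.google-analytics.com https://www.google-analytics.com http://stats.g.doubleclick.net; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://s3.amazonaws.com/uploads.intercomcdn.com https://services.pjtrailers.com; media-src 'self' https://*.intercomcdn.com https://www.youtube-nocookie.com https://player.vimeo.com; font-src 'self'; frame-src 'self' data: https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'self'; frame-ancestors 'self';" />
      </customHeaders>
    </httpProtocol>
    <!--
      Was errorMode="Detailed", which sends IIS detailed error pages (failing
      module and handler, physical path, configuration excerpts) to every client.
      DetailedLocalOnly keeps that detail for requests made from the server itself.
      If the application renders its own error pages and they must reach remote
      clients unchanged, consider existingResponse="PassThrough" rather than
      re-enabling Detailed; verify the behaviour on the target IIS version.
    -->
    <httpErrors errorMode="DetailedLocalOnly" />
  </system.webServer>
</configuration>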