Category Archives: Hosting

Content-Security-Policy Header Issue

Introduction

https://devco.re/blog/2014/04/08/security-issues-of-http-headers-2-content-security-policy/

PHP Example:

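$nonce = base64_encode(random_bytes(16)); // fresh value per response; pass the same value to the template as $nonce
header("Content-Security-Policy: default-src *; img-src *; frame-src https:; script-src https: 'self' 'nonce-{$nonce}'; style-src https: 'self' 'nonce-{$nonce}'");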

Test Results

  • ‘unsafe-inline’
    This source doesn’t work anymore. Inline scripts will still be blocked.
  • It seems ‘nonce’ is the best way to solve the inline script issue:
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-F1234"></script>
<script nonce="{{ $nonce }}">
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'G-F1234');
</script>
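
The same policy with the nonce generated once per request and reused for the header and the inline tag, as an added example that is not code from the original post. The helper names csp_nonce, csp_policy and nonce_script are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: helper names are hypothetical, not from the original post.

/** Return one nonce per request: 128 bits from the CSPRNG, base64-encoded. */
function csp_nonce(): string
{
    static $nonce = null;
    if ($nonce === null) {
        $nonce = base64_encode(random_bytes(16));
    }
    return $nonce;
}

/** Build the header value using the directives shown in the post. */
function csp_policy(string $nonce): string
{
    $directives = [
        'default-src' => ['*'],
        'img-src'     => ['*'],
        'frame-src'   => ['https:'],
        'script-src'  => ['https:', "'self'", "'nonce-{$nonce}'"],
        'style-src'   => ['https:', "'self'", "'nonce-{$nonce}'"],
    ];
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

/** Wrap inline JavaScript in a <script> tag carrying the request's nonce. */
function nonce_script(string $js): string
{
    $attr = htmlspecialchars(csp_nonce(), ENT_QUOTES, 'UTF-8');
    return "<script nonce=\"{$attr}\">\n{$js}\n</script>";
}

$policy = csp_policy(csp_nonce());
if (PHP_SAPI === 'cli') {
    echo "Content-Security-Policy: {$policy}\n";   // no HTTP response on the CLI
} else {
    header("Content-Security-Policy: {$policy}");  // must run before any output
}
echo nonce_script("window.dataLayer = window.dataLayer || [];"), "\n";
```

Because the value changes on every response, pages that carry it should not be served from a shared cache.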

Reference

Add Custom Virtual Host in Laragon

  1. Add a subfolder in the Laragon root.
  2. Edit the .conf file in D:\laragon\etc\apache2\sites-enabled
    Change DocumentRoot and Directory
  3. Reload Apache

Example:

Reference

  1. https://stackoverflow.com/questions/63318438/how-to-set-custom-virtual-host-name-in-laragon
  2. Tool
    https://github.com/bantya/CmdVirtualHost

New domain for Apache

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts

Commands

Change permission:

Restart apache:

htaccess Redirection with URL param

Change upload size limit by htaccess

This solution works even on a shared server.