From: unlishema
Date: Thu, 18 Sep 2025 16:20:01 +0000 (-0400)
Subject: Testing out CORS live
X-Git-Url: https://git.slayer.unlishema.org/?a=commitdiff_plain;h=bba38abb92d0ebda97c18a6746642a71da4adf77;p=slayer.unlishema.org%2F.git

Testing out CORS live
---

diff --git a/dist/.htaccess b/dist/.htaccess
index 85193d9..bb510dd 100644
--- a/dist/.htaccess
+++ b/dist/.htaccess
@@ -17,34 +17,44 @@ ErrorDocument 502 /pages/error.html?code=502 ErrorDocument 503 /pages/error.html?code=503 ErrorDocument 504 /pages/error.html?code=504 -# Security Headers for slayer.unlishema.org +# Prevent Directory Listing +Options -Indexes + +# Deny access to .htaccess and sensitive files + + Require all denied + + +# Security and Performance Headers + # Unset conflicting headers first + Header unset ETag + Header unset Cache-Control + + # Security Headers for slayer.unlishema.org Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header set Referrer-Policy "strict-origin-when-cross-origin" - Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors http://unlishema.local https://unlishema.org https://*.unlishema.org" + Header set Content-Security-Policy "default-src 'self' https://oldschool.runescape.wiki; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://oldschool.runescape.wiki; font-src 'self'; frame-ancestors http://unlishema.local https://unlishema.org https://*.unlishema.org" Header set Permissions-Policy "geolocation=(), microphone=(), camera=()" # Set the Host header to ensure requests target slayer.unlishema.org Header set Host "slayer.unlishema.org" - - -# Prevent Directory Listing -Options -Indexes -# Deny access to .htaccess and sensitive files - - Require all denied - + # Custom Cache-Control for specific files + + Header set Cache-Control "no-cache, no-store, must-revalidate" + -# Disable ETag for performance - - Header unset ETag + # Leverage Browser Caching for static resources (overridden by the above rule for icon.png) + Header set Cache-Control "public, max-age=31536000" + +# Disable ETag for performance (FileETag None is outside the mod_headers block) 
FileETag None -# Leverage Browser Caching for static resources +# Leverage Browser Caching for static resources (using mod_expires) ExpiresActive On ExpiresByType image/jpg "access plus 3 months" @@ -58,14 +68,4 @@ FileETag None ExpiresByType application/javascript "access plus 6 hours" ExpiresByType image/x-icon "access plus 1 year" ExpiresDefault "access plus 1 day" - - -# Custom Cache-Control for favicon (icon file located at images/icon.png) - - Header set Cache-Control "no-cache, no-store, must-revalidate" - - -# Custom Cache-Control for static files - - Header set Cache-Control "public, max-age=31536000" - + \ No newline at end of file diff --git a/dist/dev.html b/dist/dev.html new file mode 100644 index 0000000..821f53e --- /dev/null +++ b/dist/dev.html @@ -0,0 +1,274 @@ + + + + + OSRS Wiki CORS Test + + + + +
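Review bot: The Content-Security-Policy line in this hunk adds `https://oldschool.runescape.wiki` to `default-src`, which is broader than the cross-origin fetch it is meant to allow: every directive not listed explicitly (connect-src, frame-src, object-src, media-src, worker-src, child-src, manifest-src) falls back to default-src, so the wiki origin is now also permitted as a frame, plugin, media and worker source. Keep `default-src 'self'` and allow only the fetch, e.g. `connect-src 'self' https://oldschool.runescape.wiki`, next to the `img-src` addition. Separately, the `Header unset Cache-Control` at the top of the mod_headers block followed by two per-file `Header set Cache-Control` rules relies on Apache merging `<Files>`/`<FilesMatch>` sections in order of appearance with the later section winning, so if the static-resource pattern also matches `icon.png` the no-cache rule loses and the comment `(overridden by the above rule for icon.png)` is inverted — the section tags are stripped in this rendering, so confirm the patterns before relying on that comment. The identical hunk is repeated for src/.htaccess further down and the same points apply there.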
+

OSRS Wiki CORS Test

+

This page tests CORS with the OSRS wiki and demonstrates fetching data.

+ +
+

Search a Bucket

+ +
+ +
+
+
+ +

Select an Item

+
+ +
+ +
+

Extracted Item Data

+
+

Select an item to display its data here.

+
+
+ +
+

Raw Data

+
+

Raw JSON data will appear here.

+
+
+
+ + + + +
\ No newline at end of file
diff --git a/dist/pages/data/version.json b/dist/pages/data/version.json
index 8aa0c33..ef08071 100644
--- a/dist/pages/data/version.json
+++ b/dist/pages/data/version.json
@@ -1,3 +1,3 @@
 {
- "version": "0.0.31"
+ "version": "0.0.32"
 }
\ No newline at end of file
diff --git a/src/.htaccess b/src/.htaccess
index 85193d9..bb510dd 100644
--- a/src/.htaccess
+++ b/src/.htaccess
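Review bot: Only the visible text of the new `dist/dev.html` survives in this rendering (the markup and script of the 274-line file are stripped), so the fetch and rendering code cannot be reviewed here; the `Extracted Item Data` and `Raw JSON data will appear here.` panels are evidently filled from wiki responses. Because the site CSP keeps `script-src 'unsafe-inline'`, writing fetched JSON or item fields into those panels through `innerHTML` would be a live injection sink — render with `textContent` (e.g. `rawPanel.textContent = JSON.stringify(data, null, 2)`) and build item rows with `createElement`/`textContent`; this is an assumption about the stripped script, so confirm against the actual file. The same file is added again as `src/dev.html` below.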
@@ -17,34 +17,44 @@ ErrorDocument 502 /pages/error.html?code=502 ErrorDocument 503 /pages/error.html?code=503 ErrorDocument 504 /pages/error.html?code=504 -# Security Headers for slayer.unlishema.org +# Prevent Directory Listing +Options -Indexes + +# Deny access to .htaccess and sensitive files + + Require all denied + + +# Security and Performance Headers + # Unset conflicting headers first + Header unset ETag + Header unset Cache-Control + + # Security Headers for slayer.unlishema.org Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header set Referrer-Policy "strict-origin-when-cross-origin" - Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors http://unlishema.local https://unlishema.org https://*.unlishema.org" + Header set Content-Security-Policy "default-src 'self' https://oldschool.runescape.wiki; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://oldschool.runescape.wiki; font-src 'self'; frame-ancestors http://unlishema.local https://unlishema.org https://*.unlishema.org" Header set Permissions-Policy "geolocation=(), microphone=(), camera=()" # Set the Host header to ensure requests target slayer.unlishema.org Header set Host "slayer.unlishema.org" - - -# Prevent Directory Listing -Options -Indexes -# Deny access to .htaccess and sensitive files - - Require all denied - + # Custom Cache-Control for specific files + + Header set Cache-Control "no-cache, no-store, must-revalidate" + -# Disable ETag for performance - - Header unset ETag + # Leverage Browser Caching for static resources (overridden by the above rule for icon.png) + Header set Cache-Control "public, max-age=31536000" + +# Disable ETag for performance (FileETag None is outside the mod_headers block) 
FileETag None -# Leverage Browser Caching for static resources +# Leverage Browser Caching for static resources (using mod_expires) ExpiresActive On ExpiresByType image/jpg "access plus 3 months" @@ -58,14 +68,4 @@ FileETag None ExpiresByType application/javascript "access plus 6 hours" ExpiresByType image/x-icon "access plus 1 year" ExpiresDefault "access plus 1 day" - - -# Custom Cache-Control for favicon (icon file located at images/icon.png) - - Header set Cache-Control "no-cache, no-store, must-revalidate" - - -# Custom Cache-Control for static files - - Header set Cache-Control "public, max-age=31536000" - + \ No newline at end of file diff --git a/src/dev.html b/src/dev.html new file mode 100644 index 0000000..821f53e --- /dev/null +++ b/src/dev.html @@ -0,0 +1,274 @@ + + + + + OSRS Wiki CORS Test + + + + +
+

OSRS Wiki CORS Test

+

This page tests CORS with the OSRS wiki and demonstrates fetching data.

+ +
+

Search a Bucket

+ +
+ +
+
+
+ +

Select an Item

+
+ +
+ +
+

Extracted Item Data

+
+

Select an item to display its data here.

+
+
+ +
+

Raw Data

+
+

Raw JSON data will appear here.

+
+
+
+ + + + +
\ No newline at end of file
diff --git a/src/pages/data/version.json b/src/pages/data/version.json
index 8aa0c33..ef08071 100644
--- a/src/pages/data/version.json
+++ b/src/pages/data/version.json
@@ -1,3 +1,3 @@
 {
- "version": "0.0.31"
+ "version": "0.0.32"
 }
\ No newline at end of file
diff --git a/webpack.config.js b/webpack.config.js
index 5b9442a..fa6b9ec 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -49,6 +49,7 @@ module.exports = {
 { from: path.resolve(__dirname, 'src/.htaccess'), to: path.resolve(__dirname, 'dist/.htaccess'), toType: 'file' },
 // Main app files
 { from: 'index.html', to: 'index.html' },
+ { from: 'dev.html', to: 'dev.html' },
 { from: 'dev-appconfig.json', to: 'appconfig.json' },
 // Folders we need
 { from: 'images', to: 'images', globOptions: { ignore: ['**/data/**'] } },
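Review bot: The added copy pattern `{ from: 'dev.html', to: 'dev.html' }` places the CORS test harness in `dist/`, and the `dist/dev.html` hunk in this same commit shows that tree is committed next to the production `.htaccess`, so a debugging page becomes a publicly served URL. Unless that is intended, gate the entry on the build mode — e.g. `...(process.env.NODE_ENV === 'production' ? [] : [{ from: 'dev.html', to: 'dev.html' }]),`, or whichever mode signal this config already uses — or keep the test page out of the deployed tree altogether. The copy-pattern array this line sits in starts and ends outside the hunk.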