Strip irrelevant and risky parts of html5 snippet.

1 files changed, 0 insertions, 281 deletions

diff --git a/apache2/conf.d/local-html5.conf b/apache2/conf.d/local-html5.conf
index 3007b14..204473e 100644
--- a/apache2/conf.d/local-html5.conf
+++ b/apache2/conf.d/local-html5.conf
@@ -35,36 +35,6 @@
 
 
 # ----------------------------------------------------------------------
-# Cross-domain AJAX requests
-# ----------------------------------------------------------------------
-
-# Serve cross-domain ajax requests, disabled.
-# enable-cors.org
-# code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
-
-#  <IfModule mod_headers.c>
-#    Header set Access-Control-Allow-Origin "*"
-#  </IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Webfont access
-# ----------------------------------------------------------------------
-
-# Allow access from all domains for webfonts.
-# Alternatively you could only whitelist your
-# subdomains like "subdomain.example.com".
-
-<IfModule mod_headers.c>
-  <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
-    Header set Access-Control-Allow-Origin "*"
-  </FilesMatch>
-</IfModule>
-
-
-
-# ----------------------------------------------------------------------
 # Proper MIME type for all files
 # ----------------------------------------------------------------------
 
@@ -108,32 +78,6 @@ AddType text/x-vcard                   vcf
 
 
 # ----------------------------------------------------------------------
-# Allow concatenation from within specific js and css files
-# ----------------------------------------------------------------------
-
-# e.g. Inside of script.combined.js you could have
-#   <!--#include file="libs/jquery-1.5.0.min.js" -->
-#   <!--#include file="plugins/jquery.idletimer.js" -->
-# and they would be included into this single file.
-
-# This is not in use in the boilerplate as it stands. You may
-# choose to name your files in this way for this advantage or
-# concatenate and minify them manually.
-# Disabled by default.
-
-#<FilesMatch "\.combined\.js$">
-#  Options +Includes
-#  AddOutputFilterByType INCLUDES application/javascript application/json
-#  SetOutputFilter INCLUDES
-#</FilesMatch>
-#<FilesMatch "\.combined\.css$">
-#  Options +Includes
-#  AddOutputFilterByType INCLUDES text/css
-#  SetOutputFilter INCLUDES
-#</FilesMatch>
-
-
-# ----------------------------------------------------------------------
 # Gzip compression
 # ----------------------------------------------------------------------
 
@@ -279,228 +223,3 @@ FileETag None
 # BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
 # BrowserMatch "Opera" !brokenvary
 # SetEnvIf brokenvary 1 force-no-vary
-
-
-
-# ----------------------------------------------------------------------
-# Cookie setting from iframes
-# ----------------------------------------------------------------------
-
-# Allow cookies to be set from iframes (for IE only)
-# If needed, uncomment and specify a path or regex in the Location directive
-
-# <IfModule mod_headers.c>
-#   <Location />
-#     Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
-#   </Location>
-# </IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Start rewrite engine
-# ----------------------------------------------------------------------
-
-# Turning on the rewrite engine is necessary for the following rules and features.
-# FollowSymLinks must be enabled for this to work.
-
-<IfModule mod_rewrite.c>
-  Options +FollowSymlinks
-  RewriteEngine On
-</IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Suppress or force the "www." at the beginning of URLs
-# ----------------------------------------------------------------------
-
-# The same content should never be available under two different URLs - especially not with and
-# without "www." at the beginning, since this can cause SEO problems (duplicate content).
-# That's why you should choose one of the alternatives and redirect the other one.
-
-# By default option 1 (no "www.") is activated. Remember: Shorter URLs are sexier.
-# no-www.org/faq.php?q=class_b
-
-# If you rather want to use option 2, just comment out all option 1 lines
-# and uncomment option 2.
-# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!
-
-# ----------------------------------------------------------------------
-
-# Option 1:
-# Rewrite "www.example.com -> example.com"
-
-<IfModule mod_rewrite.c>
-  RewriteCond %{HTTPS} !=on
-  RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
-  RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
-</IfModule>
-
-# ----------------------------------------------------------------------
-
-# Option 2:
-# To rewrite "example.com -> www.example.com" uncomment the following lines.
-# Be aware that the following rule might not be a good idea if you
-# use "real" subdomains for certain parts of your website.
-
-# <IfModule mod_rewrite.c>
-#   RewriteCond %{HTTPS} !=on
-#   RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
-#   RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-# </IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Built-in filename-based cache busting
-# ----------------------------------------------------------------------
-
-# If you're not using the build script to manage your filename version revving,
-# you might want to consider enabling this, which will route requests for
-# /css/style.20110203.css to /css/style.css
-
-# To understand why this is important and a better idea than all.css?v1231,
-# read: github.com/paulirish/html5-boilerplate/wiki/Version-Control-with-Cachebusting
-
-# Uncomment to enable.
-# <IfModule mod_rewrite.c>
-#   RewriteCond %{REQUEST_FILENAME} !-f
-#   RewriteCond %{REQUEST_FILENAME} !-d
-#   RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L]
-# </IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Prevent SSL cert warnings
-# ----------------------------------------------------------------------
-
-# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent
-# https://www.example.com when your cert only allows https://secure.example.com
-# Uncomment the following lines to use this feature.
-
-# <IfModule mod_rewrite.c>
-#   RewriteCond %{SERVER_PORT} !^443
-#   RewriteRule ^ https://example-domain-please-change-me.com%{REQUEST_URI} [R=301,L]
-# </IfModule>
-
-
-
-# ----------------------------------------------------------------------
-# Prevent 404 errors for non-existing redirected folders
-# ----------------------------------------------------------------------
-
-# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist
-#   e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
-
-Options -MultiViews
-
-
-
-# ----------------------------------------------------------------------
-# Custom 404 page
-# ----------------------------------------------------------------------
-
-# You can add custom pages to handle 500 or 403 pretty easily, if you like.
-ErrorDocument 404 /404.html
-
-
-
-# ----------------------------------------------------------------------
-# UTF-8 encoding
-# ----------------------------------------------------------------------
-
-# Use UTF-8 encoding for anything served text/plain or text/html
-AddDefaultCharset utf-8
-
-# Force UTF-8 for a number of file formats
-AddCharset utf-8 .html .css .js .xml .json .rss .atom
-
-
-
-# ----------------------------------------------------------------------
-# A little more security
-# ----------------------------------------------------------------------
-
-
-# Do we want to advertise the exact version number of Apache we're running?
-# Probably not.
-## This can only be enabled if used in httpd.conf - It will not work in .htaccess
-# ServerTokens Prod
-
-
-# "-Indexes" will have Apache block users from browsing folders without a default document
-# Usually you should leave this activated, because you shouldn't allow everybody to surf through
-# every folder on your server (which includes rather private places like CMS system folders).
-<IfModule mod_autoindex.c>
-  Options -Indexes
-</IfModule>
-
-
-# Block access to "hidden" directories whose names begin with a period. This
-# includes directories used by version control systems such as Subversion or Git.
-<IfModule mod_rewrite.c>
-  RewriteRule "(^|/)\." - [F]
-</IfModule>
-
-
-# If your server is not already configured as such, the following directive
-# should be uncommented in order to set PHP's register_globals option to OFF.
-# This closes a major security hole that is abused by most XSS (cross-site
-# scripting) attacks. For more information: http://php.net/register_globals
-#
-# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
-#
-# Your server does not allow PHP directives to be set via .htaccess. In that
-# case you must make this change in your php.ini file instead. If you are
-# using a commercial web host, contact the administrators for assistance in
-# doing this. Not all servers allow local php.ini files, and they should
-# include all PHP configurations (not just this one), or you will effectively
-# reset everything to PHP defaults. Consult www.php.net for more detailed
-# information about setting PHP directives.
-
-# php_flag register_globals Off
-
-# Rename session cookie to something else, than PHPSESSID
-# php_value session.name sid
-
-# Do not show you are using PHP
-# Note: Move this line to php.ini since it won't work in .htaccess
-# php_flag expose_php Off
-
-# Level of log detail - log all errors
-# php_value error_reporting -1
-
-# Write errors to log file
-# php_flag log_errors On
-
-# Do not display errors in browser (production - Off, development - On)
-# php_flag display_errors Off
-
-# Do not display startup errors (production - Off, development - On)
-# php_flag display_startup_errors Off
-
-# Format errors in plain text
-# Note: Leave this setting 'On' for xdebug's var_dump() output
-# php_flag html_errors Off
-
-# Show multiple occurrence of error
-# php_flag ignore_repeated_errors Off
-
-# Show same errors from different sources
-# php_flag ignore_repeated_source Off
-
-# Size limit for error messages
-# php_value log_errors_max_len 1024
-
-# Don't precede error with string (doesn't accept empty string, use whitespace if you need)
-# php_value error_prepend_string " "
-
-# Don't prepend to error (doesn't accept empty string, use whitespace if you need)
-# php_value error_append_string " "
-
-# Increase cookie security
-<IfModule php5_module>
-  php_value session.cookie_httponly true
-</IfModule>