leap_platform.git/puppet/modules/site_apache, branch develop [leap_platform] Set X-XSS-Protection HTTP response header to '1'. 2016-10-24T15:31:41+00:00 Micah Anderson micah@riseup.net 2016-10-24T15:31:41+00:00 4db1e7c4454ea05c524be4cc385ede1bab2e1be4 This HTTP response header enables the Cross-site scripting (XSS) filter built into some modern web browsers. This header is usually enabled by default anyway, so the role of this header is to re-enable the filter if it was disabled maliciously, or by accident. 
This HTTP response header enables the Cross-site scripting (XSS) filter
built into some modern web browsers. This header is usually enabled by
default anyway, so the role of this header is to re-enable the filter
if it was disabled maliciously, or by accident.
Set X-Content-Type-Options nosniff. 2016-10-24T15:29:59+00:00 Micah Anderson micah@riseup.net 2016-10-24T15:29:59+00:00 53ddc64b6aa98653b35b23c334df605ed26ea60b Setting this header will prevent the browser from interpreting files as something else than declared by the content type in the HTTP headers. This will prevent the browser from MIME-sniffing a response away from the declared content-type. When this is not set, older versions of Internet Explorer and Chrome perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. 
Setting this header will prevent the browser from interpreting files as
something else than declared by the content type in the HTTP
headers. This will prevent the browser from MIME-sniffing a response
away from the declared content-type.

When this is not set, older versions of Internet Explorer and Chrome
perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other
than the declared content type.
added support for Let's Encrypt 2016-09-01T17:49:22+00:00 elijah elijah@riseup.net 2016-08-31T21:54:46+00:00 8116e007cfd4dbee8282247348cf45473dcde45e 






Make static tor hidden services work (#8212).
2016-06-28T17:11:37+00:00

Micah
micah@leap.se

2016-06-23T16:08:54+00:00

29d6b7dbbc3b9d8b11f0b215cad894fcfca9989c

When tor hidden services were enabled for static sites, only a very
basic configuration was setup and it didn't take into account the
different location configurations that can be configured for a
static site.

This commit resolves that by making a site_static::hidden_service class
similar to the site_webapp::hidden_service class, and fixes up the
apache vhost template to properly create the location blocks for the
hidden service vhost.

Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a





When tor hidden services were enabled for static sites, only a very
basic configuration was setup and it didn't take into account the
different location configurations that can be configured for a
static site.

This commit resolves that by making a site_static::hidden_service class
similar to the site_webapp::hidden_service class, and fixes up the
apache vhost template to properly create the location blocks for the
hidden service vhost.

Change-Id: Ice3586f4173bd2d1bd3defca29d21c7403d5a03a







Fix the permissions on the DOMAIN/provider.json file for static sites.
2016-06-27T23:15:26+00:00

elijah
elijah@riseup.net

2016-06-27T22:49:30+00:00

b21a3e9126a1734b2cea975e57b5c9e8206f12fa












Fix hidden service static template (#8203).
2016-06-21T13:56:09+00:00

Micah
micah@leap.se

2016-06-21T13:50:27+00:00

3df7a57d866cf1e6eda9bb9e3fe19c7387ec6c1d

Change-Id: Iab9597f5f0336f66df9b73fea9d79c789cbb8302





Change-Id: Iab9597f5f0336f66df9b73fea9d79c789cbb8302







Disable the Trace method (#8195)
2016-06-16T18:55:22+00:00

Micah
micah@leap.se

2016-06-16T16:24:01+00:00

293cdaee6db4a4d0b13a56fcd047819d60f38ce2

The Trace method is enabled because of the Apache module, but it is not the
default in Debian, and it should not be enabled, for more information see the
following:

https://www.kb.cert.org/vuls/id/867593

Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268





The Trace method is enabled because of the Apache module, but it is not the
default in Debian, and it should not be enabled, for more information see the
following:

https://www.kb.cert.org/vuls/id/867593

Change-Id: I06a06ae679dbf7049f26a017125b61e5e38f6268







migrate from obsolete SSLCertificateChainFile apache option (#8055)
2016-05-03T19:02:18+00:00

kwadronaut
kwadronaut@leap.se

2016-05-03T19:02:18+00:00

8b5541290fc985acd7364d48aaf357457c7622f7












migrate from obsolete SSLCertificateChainFile apache option (#8055)
2016-05-03T17:21:17+00:00

Micah
micah@leap.se

2016-05-03T17:21:17+00:00

3b5ce74f81bb56af0b94a119a85649446a3d6e19

Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb





Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb







fix tor-related jessie deprecation problems (#7962)
2016-03-11T20:55:20+00:00

Micah
micah@leap.se

2016-03-11T17:16:42+00:00

ee6cad0750e853b3ac210d17b79471772bfae2a5

Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639





Change-Id: If493b8a1f06a786df36a28aa1fc592e270eba639