# Security and Performance Headers for HuggingFace Spaces
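<IfModule mod_headers.c>
    # --- Security headers -------------------------------------------------
    # "always" also attaches these headers to error responses (4xx/5xx),
    # so error pages carry the same protections as normal pages.
    # NOTE(review): HSTS (Strict-Transport-Security) is not set here; confirm
    # it is sent by whatever layer terminates TLS for this site.

    # Forbid MIME sniffing: the declared Content-Type is authoritative.
    Header always set X-Content-Type-Options nosniff

    # Refuse all framing (clickjacking defence); mirrored by
    # frame-ancestors 'none' in the CSP below.
    # NOTE(review): if this site is meant to be displayed embedded inside
    # another page (hosted Spaces are commonly shown that way), DENY will
    # block it. Confirm against the deployment.
    Header always set X-Frame-Options DENY

    # The legacy browser XSS auditor is deprecated and its filtering modes
    # have themselves caused vulnerabilities; "0" switches it off in old
    # browsers. The CSP below is the XSS control.
    Header always set X-XSS-Protection "0"

    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=()"

    # --- Content Security Policy ------------------------------------------
    # object-src, base-uri and frame-ancestors are set explicitly: base-uri
    # and frame-ancestors do not fall back to default-src, and object-src
    # would otherwise inherit 'self'.
    # NOTE(review): 'unsafe-inline' in script-src means the policy does not
    # stop injected inline script; move inline code to files (or use
    # nonces/hashes) and drop it when possible.
    # NOTE(review): unpkg.com and cdn.jsdelivr.net serve any published
    # package, so allowing the whole host allows any script hosted there.
    # Prefer self-hosting or exact versioned URLs with Subresource Integrity.
    # NOTE(review): cdn.tailwindcss.com is listed only under style-src; a
    # <script> loaded from that host would be blocked by script-src. Confirm.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdn.tailwindcss.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; connect-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none';"

    # --- Caching ----------------------------------------------------------
    # Plain "Header set" (the onsuccess table) is used here on purpose: with
    # "always", a 404 for a missing asset URL would also be marked publicly
    # cacheable for a year.
    # NOTE(review): a one-year max-age is only safe if asset file names
    # change when their content changes. Confirm the build does that.
    Header set Cache-Control "public, max-age=31536000" "expr=%{REQUEST_URI} =~ /\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$/"
    Header set Cache-Control "public, max-age=3600" "expr=%{REQUEST_URI} =~ /\.json$/"
</IfModule>

# --- Compression ----------------------------------------------------------
# Kept outside the mod_headers section: compression does not depend on
# mod_headers and should not be switched off when that module is absent.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/json
</IfModule>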
# Security: Prevent access to sensitive files
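# FilesMatch tests only the file's own name (the last path segment), so this
# rule denies dotfiles themselves, for example this .htaccess file.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Files that live inside a dot-directory (for example a version-control
# metadata directory) have ordinary names and are not matched by the rule
# above, so hidden paths are also rejected by URL. .well-known/ stays
# reachable because it is a standard public location.
<IfModule mod_alias.c>
    RedirectMatch 404 "/\.(?!well-known/)"
</IfModule>

# Deny backup, dump, editor-swap and configuration artefacts that may sit
# next to the published files. The match is case-sensitive and by extension.
<FilesMatch "\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)$">
    Require all denied
</FilesMatch>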
# Performance: Set proper MIME types
<IfModule mod_mime.c>
    # Explicit extension-to-media-type mappings. X-Content-Type-Options:
    # nosniff is set elsewhere in this file, so browsers will not guess a
    # type: scripts and stylesheets must be served with the correct one.
    AddType text/css                .css
    AddType application/javascript  .js
    AddType application/json        .json
    AddType image/svg+xml           .svg
</IfModule>