-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathweb.config
More file actions
66 lines (64 loc) · 4.03 KB
/
web.config
File metadata and controls
66 lines (64 loc) · 4.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<clear />
<remove name="X-Powered-By" />
<!-- Ikke endre direkte. Sjekk README.md for å se hvordan man oppdaterer Permissions-Policy -->
<add name="Permissions-Policy" value="accelerometer=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=self, display-capture=(), fullscreen=self, geolocation=self, gyroscope=(), magnetometer=(), microphone=(), midi=(), usb=(), xr-spatial-tracking=()" />
<!-- Ikke endre direkte. Sjekk README.md for å se hvordan man oppdaterer Content-Security-Policy -->
<add name="Content-Security-Policy" value="connect-src 'self' https://plausible.io https://offlinemap.blob.core.windows.net https://nveb2c01prod.b2clogin.com https://nveb2c01test.b2clogin.com https://nveb2c01staging.b2clogin.com https://api.regobs.no https://test-api.regobs.no https://demo-api.regobs.no http://localhost:5130/ http://localhost:40001/ https://api01.nve.no https://ws.geonorge.no/stedsnavn https://secure.geonames.org https://www.iskart.no https://sentry.io https://ws.geonorge.no https://www.yr.no data:; frame-src https://plot.regobs.no https://test-plot.regobs.no https://demo-plot.regobs.no; upgrade-insecure-requests; frame-ancestors 'none'; form-action 'self'; object-src 'none'; font-src 'self'; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://plausible.io; worker-src 'self' blob:; default-src 'self' data: gap: cdvfile: blob:; img-src * filesystem: app-file: cdvfile: data: blob:; media-src * blob:" />
<add name="Cache-Control" value="no-cache" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Referrer-Policy" value="same-origin" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="Expect-Ct" value="max-age=0;" />
<add name="X-Permitted-Cross-Domain-Policies" value="none" />
</customHeaders>
</httpProtocol>
<rewrite>
<rules>
<!-- Sørger for at ngsw-worker\.js er kallet og erstattet -->
<rule name="Bypass ngsw-worker.js" stopProcessing="true">
<match url="^ngsw-worker\.js$" />
<action type="None" />
</rule>
<rule name="Attachments rewrite" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^Attachments/.*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Redirect" url="https://api.regobs.no/{R:0}" appendQueryString="true" logRewrittenUrl="true" redirectType="Permanent" />
</rule>
<rule name="Remove www" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.regobs\.no$" />
</conditions>
<action type="Redirect" url="https://regobs.no/{R:1}" redirectType="Permanent" appendQueryString="true" />
</rule>
<!-- Redirect HTTP to HTTPS -->
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
<!-- Redirect www to non-www -->
<rule name="Angular Route" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="/index.html" />
</rule> rul
</rules>
</rewrite>
<!-- Fjerne Server -headeren som lekker informasjon om hvilke type server nettsiden kjører under -->
<security>
<requestFiltering removeServerHeader="true" />
</security>
</system.webServer>
</configuration>