# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Charset
AddCharset UTF-8 html css js

# MIME types
AddType application/x-httpd-php html php
AddType image/x-icon ico
AddType application/javascript js
AddType application/font-woff2 woff2

# Options
DirectoryIndex index.php index.html
Options +SymLinksIfOwnerMatch -Indexes
RewriteEngine on

# Force SSL
RewriteCond %{HTTP_HOST} ^www\.bzdeck\.com$
RewriteCond %{HTTPS} off
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# Redirects
RewriteRule ^about/?$       https://github.com/bzdeck/bzdeck/wiki [R,L]
RewriteRule ^faq/?$         https://github.com/bzdeck/bzdeck/wiki/FAQ [R,L]
RewriteRule ^privacy/?$     https://github.com/bzdeck/bzdeck/wiki/Privacy-Notice [R,L]
RewriteRule ^support/?$     https://github.com/bzdeck/bzdeck/wiki/FAQ [R,L]
RewriteRule ^screenshots/?$ https://www.facebook.com/BzDeck/photos_stream [R,L]

# Rewrite: app landing (TODO: Provide the actual landing page)
RewriteRule ^$ /app/ [L]

# Rewrite: Virtual URLs to be resolved to the app's static base URL. This list should be synced with caches.js
RewriteRule ^(attachment|bug|home|profile|search|settings) /app/ [L]

# Rewrite: misc
RewriteRule ^favicon\.ico$ /static/images/logo/favicon.ico [L]
RewriteRule ^service-worker\.js$ /static/scripts/workers/service-worker.js [L]
RewriteRule ^service-worker-resources\.js$ /components/service-worker-resources.js.php [L]

# Performance: remove ETag
FileETag None

# Performance: set Cache-Control
Header always append Cache-Control private

# Performance: set Expires
ExpiresActive On
ExpiresDefault "access plus 1 day"

# Performance: use gzip (Apache 2.x)
AddOutputFilterByType DEFLATE text/html text/css application/javascript

# Security
Header always append Content-Security-Policy "\
  default-src 'self';\
  style-src 'self' 'unsafe-inline';\
  script-src 'self' https://secure.gravatar.com;\
  img-src 'self' 'unsafe-eval' blob: data:\
    https://bugzilla.mozilla.org https://*.bugzilla.mozilla.org\
    https://bugzilla-dev.allizom.org https://*.bugzilla-dev.allizom.org\
    https://secure.gravatar.com;\
  media-src mediastream:\
    https://bugzilla.mozilla.org https://*.bugzilla.mozilla.org\
    https://bugzilla-dev.allizom.org https://*.bugzilla-dev.allizom.org;\
  connect-src 'self'\
    https://bugzilla.mozilla.org https://bugzilla-dev.allizom.org\
    https://secure.gravatar.com"
Header always append Strict-Transport-Security max-age=31536000
Header always append X-Content-Type-Options nosniff
Header always append X-Frame-Options SAMEORIGIN
