Skip to content

Commit dfbceca

Browse files
committed
Chore: Remove inaccurate server configs
Temporary remove the server configs examples for the `x-content-type-options` rule until we better figure out things. - - - - - - - - - - - - - - - - - - - - - - - - - - - Ref #767
1 parent a2f201e commit dfbceca

File tree

1 file changed

+0
-65
lines changed

1 file changed

+0
-65
lines changed

docs/user-guide/rules/x-content-type-options.md

-65
Original file line numberDiff line numberDiff line change
@@ -79,71 +79,6 @@ Content-Type: text/javascript; charset=utf-8
7979
X-Content-Type-Options: nosniff
8080
```
8181

82-
## How to configure the server to pass this rule
83-
84-
<!-- markdownlint-disable MD033 -->
85-
<details><summary>How to configure Apache</summary>
86-
87-
Presuming the script files use the `.js` or `.mjs` extension, and
88-
the stylesheets `.css`, Apache can be configured to serve the with
89-
the `X-Content-Type-Options` header with the value of `nosniff`
90-
using the [`Header` directive][header directive]:
91-
92-
```apache
93-
<IfModule mod_headers.c>
94-
<FilesMatch "\.(css|m?js)$">
95-
Header set X-Content-Type-Options "nosniff"
96-
</FilesMatch>
97-
</IfModule>
98-
```
99-
100-
Note that:
101-
102-
* The above snippet works with Apache `v2.2.0+`, but you need to have
103-
[`mod_headers`][mod_headers] [enabled][how to enable apache modules]
104-
in order for it to take effect.
105-
106-
* If you have access to the [main Apache configuration file][main
107-
apache conf file] (usually called `httpd.conf`), you should add
108-
the logic in, for example, a [`<Directory>`][apache directory]
109-
section in that file. This is usually the recommended way as
110-
[using `.htaccess` files slows down][htaccess is slow] Apache!
111-
112-
If you don't have access to the main configuration file (quite
113-
common with hosting services), just add the snippets in a `.htaccess`
114-
file in the root of the web site/app.
115-
116-
</details>
117-
<details><summary>How to configure IIS</summary>
118-
119-
Presuming the script files are sent with the `Content-Type` header set
120-
to `text/javascript` and styleshees to `text/css` you can use
121-
a [`URL rewrite` rule][url rewrite] like the following:
122-
123-
```xml
124-
<configuration>
125-
<system.webServer>
126-
<rewrite>
127-
<outboundRules>
128-
<!-- Add X-Content-Type-Options header to text/javascript
129-
and text/css responses -->
130-
<rule name="X-Content-Type-Options" enabled="true">
131-
<match serverVariable="RESPONSE_X_Content_Type_Options" pattern=".*" />
132-
<conditions>
133-
<add input="{RESPONSE_Content_Type}" pattern="text\/(javascript|css)" />
134-
</conditions>
135-
<action type="Rewrite" value="nosniff"/>
136-
</rule>
137-
</outboundRules>
138-
</rewrite>
139-
</system.webServer>
140-
</configuration>
141-
```
142-
143-
</details>
144-
145-
<!-- markdownlint-enable MD033 -->
146-
14782
## Further Reading
14883

14984
* [`X-Content-Type-Options` header](https://fetch.spec.whatwg.org/#x-content-type-options-header)

0 commit comments

Comments
 (0)