From 41269a984844638cdceb1c60125dc5cea059e485 Mon Sep 17 00:00:00 2001
From: "sosuke.iwabuchi"
Date: Tue, 15 Oct 2024 20:37:36 +0900
Subject: [PATCH] =?UTF-8?q?htaccess=20=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 public/.htaccess | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/public/.htaccess b/public/.htaccess
index 3aec5e2..686781a 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -5,6 +5,33 @@
 RewriteEngine On
+ # ローカル判定
+ SetEnvIf HOST "^localhost.*$" isLocal
+ #ステージング判定
+ SetEnvIf HOST "^15.152.39.28$" isStaging
+ #本番判定
+ SetEnvIf HOST "^qrs\.hello-techno-network\.com$" isProduction
+
+ # SSL強制
+ RewriteCond %{ENV:isLocal} !-
+ RewriteCond %{ENV:isStaging} !-
+ RewriteCond %{HTTPS} off
+ RewriteRule ^(.*)$ https://qrs.hello-techno-network.com/$1 [R=301,L]
+
+ # ドメインアクセス強制
+ RewriteCond %{ENV:isLocal} !-
+ RewriteCond %{ENV:isStaging} !-
+ RewriteCond %{HTTP_HOST} ^\d+\.\d+\.\d+\.\d+$
+ RewriteRule ^(.*)$ https://qrs.hello-techno-network.com/$1 [R=301,L]
+
+ Header unset X-Powered-By
+
+ Header set "Content-Security-Policy" "default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: api.iconify.design;font-src 'self' fonts.gstatic.com;frame-ancestors 'none';form-action 'self';connect-src 'self' https:" env=!isLocal
+
+ Header set "X-Frame-Options" "deny"
+
+ Header set "Cache-Control" "no-cache, no-store, must-revalidate"
+
 # Handle Authorization Header
 RewriteCond %{HTTP:Authorization} .
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
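Review bot: The `RewriteCond %{ENV:isLocal} !-` and `RewriteCond %{ENV:isStaging} !-` guards in both redirect blocks appear never to exclude anything. As written here, `!-` is read as a negated regex for a literal hyphen, and a flag set by `SetEnvIf` without a value is either empty or `1`, so the condition holds in every environment and both 301 rules would also fire on localhost and on the staging IP. If the intent is "skip when the flag is set", `RewriteCond %{ENV:isLocal} !=1` (and the same for `isStaging`) expresses it. Separately, the flags are derived from the client-supplied Host header and `^localhost.*$` also matches names such as `localhost.example.com`, which matters because `env=!isLocal` switches the CSP off; `SetEnvIf HOST "^localhost(:\d+)?$" isLocal` and escaped dots in the staging pattern would tighten that.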
@@ -18,4 +45,17 @@
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^ index.php [L]
+
+ # 以下、ファイルアクセス
+ # リソース判定
+ SetEnvIf Request_URI "^\/static\/js\/.+\.js$" isJsFile=yes
+ SetEnvIf Request_URI "^\/static\/css\/.+\.css$" isCssFile=yes
+ SetEnvIf Request_URI "^\/fonts\/.+$" isFontFile=yes
+
+ Header set "Cache-Control" "private, no-cache" env=isJsFile
+ Header set "Cache-Control" "private, no-cache" env=isCssFile
+ Header set "Cache-Control" "private, no-cache" env=isFontFile
+
+ Header set "X-Content-Type-Options" "nosniff"
+
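Review bot: `Header set "X-Content-Type-Options" "nosniff"` uses mod_headers' default `onsuccess` condition, so the header is likely to be missing from responses Apache generates itself, such as error documents and the 301 redirects added earlier in this patch; `Header always set "X-Content-Type-Options" "nosniff"` covers those as well. The same applies to the `Content-Security-Policy` and `X-Frame-Options` lines in the first hunk. It would also help to add a comment above the three `Cache-Control` overrides, for example `# Must stay after the global Cache-Control line: later Header set directives win`, since they depend on directive order.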