htaccess 修正

public/.htaccess

@@ -5,6 +5,33 @@
 
     RewriteEngine On
 
+    # ローカル判定
+    SetEnvIf HOST "^localhost.*$" isLocal 
+    #ステージング判定
+    SetEnvIf HOST "^15.152.39.28$" isStaging 
+    #本番判定
+    SetEnvIf HOST "^qrs\.hello-techno-network\.com$" isProduction 
+
+    # SSL強制
+    RewriteCond %{ENV:isLocal} !-
+    RewriteCond %{ENV:isStaging} !-
+    RewriteCond %{HTTPS} off
+    RewriteRule ^(.*)$ https://qrs.hello-techno-network.com/$1 [R=301,L]
+    
+    # ドメインアクセス強制
+    RewriteCond %{ENV:isLocal} !-
+    RewriteCond %{ENV:isStaging} !-
+    RewriteCond %{HTTP_HOST} ^\d+\.\d+\.\d+\.\d+$
+    RewriteRule ^(.*)$ https://qrs.hello-techno-network.com/$1 [R=301,L]
+
+    Header unset X-Powered-By
+
+    Header set "Content-Security-Policy" "default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: api.iconify.design;font-src 'self' fonts.gstatic.com;frame-ancestors 'none';form-action 'self';connect-src 'self' https:" env=!isLocal
+
+    Header set "X-Frame-Options" "deny"
+
+    Header set "Cache-Control" "no-cache, no-store, must-revalidate"
+
     # Handle Authorization Header
     RewriteCond %{HTTP:Authorization} .
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -18,4 +45,17 @@
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^ index.php [L]
+
+     # 以下、ファイルアクセス
+    # リソース判定
+    SetEnvIf Request_URI "^\/static\/js\/.+\.js$" isJsFile=yes
+    SetEnvIf Request_URI "^\/static\/css\/.+\.css$" isCssFile=yes
+    SetEnvIf Request_URI "^\/fonts\/.+$" isFontFile=yes
+
+    Header set "Cache-Control" "private, no-cache" env=isJsFile
+    Header set "Cache-Control" "private, no-cache" env=isCssFile
+    Header set "Cache-Control" "private, no-cache" env=isFontFile
+
+    Header set "X-Content-Type-Options" "nosniff"
+
 </IfModule>