Fix redirect loop: tambah guard lebih ketat di semua file, hapus redirect di .htaccess public

2025-12-18 13:25:50 +07:00
parent da151681e1
commit 4cd16d4e11
5 changed files with 66 additions and 9 deletions
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -0,0 +1,32 @@
+# Apache URL Rewrite untuk Retribusi Frontend (di folder public)
+# Hanya untuk security headers dan cache, TIDAK ada redirect
+
+# Security headers
+<IfModule mod_headers.c>
+    # Prevent clickjacking
+    Header set X-Frame-Options "SAMEORIGIN"
+    
+    # XSS Protection
+    Header set X-XSS-Protection "1; mode=block"
+    
+    # Content Type Options
+    Header set X-Content-Type-Options "nosniff"
+</IfModule>
+
+# Cache static assets
+<IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresByType text/css "access plus 1 year"
+    ExpiresByType application/javascript "access plus 1 year"
+    ExpiresByType image/png "access plus 1 year"
+    ExpiresByType image/jpg "access plus 1 year"
+    ExpiresByType image/jpeg "access plus 1 year"
+    ExpiresByType image/gif "access plus 1 year"
+    ExpiresByType image/svg+xml "access plus 1 year"
+</IfModule>
+
+# Gzip compression
+<IfModule mod_deflate.c>
+    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
+</IfModule>
+