-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathweb.config
143 lines (143 loc) · 6.69 KB
/
web.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<staticContent>
<!-- IIS returns a 404 for extensions it doesn't know about so we have to add webmanifest -->
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
<!-- Make sure we have the correct JSON mime type, ie not text/json or anything -->
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json" />
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="font/woff" />
<remove fileExtension=".woff2" />
<mimeMap fileExtension=".woff2" mimeType="font/woff2" />
</staticContent>
<rewrite>
<allowedServerVariables>
<add name="HTTP_ACCEPT_ENCODING" />
</allowedServerVariables>
<rules>
<!--
A 'hack' for IIS < 1803 (e.g. on Windows Server 2016) to make brotli compression prioritised over gzip.
See https://docs.microsoft.com/en-us/iis/extensions/iis-compression/using-iis-compression#before-iis-100-version-1803
-->
<rule name="Prioritize Brotli">
<match url=".*" />
<conditions>
<add input="{HTTP_ACCEPT_ENCODING}" pattern="\bbr(?!;q=0)\b" />
</conditions>
<serverVariables>
<set name="HTTP_ACCEPT_ENCODING" value="br" />
</serverVariables>
</rule>
<!-- Redirect index.html requests to the folder, but only when the index.html file exists -->
<rule name="wwwroot-index-redirect" stopProcessing="true">
<match url="(.+)\/index\.html$" />
<conditions>
<add input="{DOCUMENT_ROOT}\wwwroot\{R:1}\index.html" matchType="IsFile" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}/" />
</rule>
<!-- Append a trailing slash for directories -->
<rule name="wwwroot-missing-trailing-slash-redirect" stopProcessing="true">
<match url="^([^.]*[^\/])$" />
<conditions>
<add input="{DOCUMENT_ROOT}\wwwroot\{R:1}\index.html" matchType="IsFile" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}/" />
</rule>
<!--
Route static files into the wwwroot folder directly as it's faster, but only when they exist.
This means paths that don't map to physical files can fallback to be handled by the .NET Core app
-->
<rule name="wwwroot-index-rewrite" stopProcessing="true">
<match url="([^.]*)" />
<conditions>
<add input="{DOCUMENT_ROOT}\wwwroot\{R:1}index.html" matchType="IsFile" />
</conditions>
<action type="Rewrite" url="wwwroot/{R:1}/index.html" />
</rule>
<rule name="wwwroot-rewrite" stopProcessing="true">
<match url="(.*\.[^.]+)" />
<conditions>
<add input="{DOCUMENT_ROOT}\wwwroot\{R:1}" matchType="IsFile" />
</conditions>
<action type="Rewrite" url="wwwroot/{R:1}" />
</rule>
</rules>
<outboundRules>
<!-- Add preload/prefetch directives via a Link header, but only for HTML files -->
<rule name="add-link-header">
<match serverVariable="RESPONSE_Link" pattern=".*" />
<conditions>
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html$" />
</conditions>
<action type="Rewrite" value="<https://apikeys.civiccomputing.com>; rel=preconnect; crossorigin,<https://www.googletagmanager.com>; rel=preconnect,<https://cdn.nice.org.uk/cookie-banner/cookie-banner.min.js>; rel=preload; as=script"/>
</rule>
<!-- Add cache headers for static files as per Gatsby's static file caching https://www.gatsbyjs.com/docs/caching/ -->
<rule name="long-cache-static-files" preCondition="is-long-cache-file" stopProcessing="true">
<match serverVariable="RESPONSE_CACHE-CONTROL" pattern=".*" />
<action type="Rewrite" value="public,immutable,max-age=31536000" />
</rule>
<rule name="no-cache-static-files" preCondition="is-no-cache-file" stopProcessing="true">
<match serverVariable="RESPONSE_CACHE-CONTROL" pattern=".*" />
<!-- Small, but non-zero cache time: service worker sometimes re-requests files straight after page load so 30 seconds should be enough to stop another request -->
<action type="Rewrite" value="public,must-revalidate,max-age=30" />
</rule>
<preConditions>
<preCondition name="is-no-cache-file" logicalGrouping="MatchAny">
<add input="{REQUEST_URI}" pattern="(.*\.html)|(sw\.js)|(app\-data\.json)|(page\-data\.json)" />
</preCondition>
<preCondition name="is-long-cache-file" logicalGrouping="MatchAny">
<add input="{REQUEST_URI}" pattern=".*\.(?:css|js|woff|woff2)$" />
<add input="{REQUEST_URI}" pattern="^/wwwroot/static" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<urlCompression doDynamicCompression="true" doStaticCompression="true" />
<httpCompression minFileSizeForComp="512">
<!-- Static files are cached so use highest compression levels -->
<scheme name="br" dll="%ProgramFiles%\IIS\IIS Compression\iisbrotli.dll" staticCompressionLevel="11" dynamicCompressionLevel="5" />
<scheme name="gzip" dll="%ProgramFiles%\IIS\IIS Compression\iiszlib.dll" staticCompressionLevel="9" dynamicCompressionLevel="5" />
<staticTypes>
<add enabled="true" mimeType="application/json"/>
<add enabled="true" mimeType="application/json; charset=utf-8" />
</staticTypes>
<dynamicTypes>
<add enabled="true" mimeType="application/json"/>
<add enabled="true" mimeType="application/json; charset=utf-8" />
</dynamicTypes>
</httpCompression>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
<add name="Content-Security-Policy" value="frame-ancestors 'self';" />
<add name="Permissions-Policy" value="interest-cohort=()" />
</customHeaders>
</httpProtocol>
<security>
<!-- TODO: Reinstate removeServerHeader when we've upgraded to IIS 10 in production -->
<!-- <requestFiltering removeServerHeader="true" /> -->
</security>
<modules>
<!-- Remove unused modules as per https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/modules?view=aspnetcore-3.1 for a small perf benefit -->
<remove name="TokenCacheModule"/>
<remove name="Session"/>
<remove name="WindowsAuthenticatio"/>
<remove name="FormsAuthentication"/>
<remove name="DefaultAuthentication"/>
<remove name="RoleManager"/>
<remove name="UrlAuthorization"/>
<remove name="FileAuthorization"/>
<remove name="AnonymousIdentification"/>
<remove name="Profile"/>
<remove name="UrlMappingsModule"/>
<remove name="UrlRoutingModule-4.0"/>
<remove name="ScriptModule-4.0"/>
</modules>
</system.webServer>
</configuration>