Commit Graph

33 Commits

Author SHA1 Message Date
Simon 78266d5b7b feat: Disable the auto detection of resource type
Protect yourself from malicious exploitation via MIME sniffing.
MIME-Type sniffing explained

Internet Explorer and Chrome browsers have a feature called "MIME-Type sniffing" that automatically detects a web resource's type. This means, for example, that a resource identified as an image can be read as a script if its content is a script.

This property allows a malicious person to send a file to your website to inject malicious code. We advise you to disable the MIME-Type sniffing to limit such activity.

Chrome has been working on a feature called Site Isolation which provides extensive mitigation against exploitation of these types of vulnerabilities. Site Isolation is more effective when MIME types are correct.
How to prevent MIME-Type sniffing

Configure an "X-Content-Type-Options" HTTP header. Add the "X-Content-Type-Options" HTTP header in the responses of each resource, associated with the "nosniff" value. It allows you to guard against such misinterpretations of your resources.

https://www.justegeek.fr/proteger-un-peu-plus-son-site-avec-la-balise-x-content-type-options/
2020-03-11 16:59:13 +01:00
Simon 6b2d95f245 fix: Avoid http-equiv <meta> tags
HTTP headers are more efficient than the http-equiv meta tags.
The <meta http-equiv=/> tags

The http-equiv meta tags allow you to communicate to the web browser information equivalent to that of HTTP headers. For example, the meta <meta http-equiv=content-type/> will have the same consequences as the HTTP Content-Type header.

Two points don’t stimulate the use of http-equiv meta tags:

    Going through the meta requires interpreting the beginning of the HTML page, which is slower than going through the HTTP headers in terms of performance
    If the HTTP header is already present, the meta is ignored

In which cases are the <meta http-equiv=/> useful?

Only one case can justify the presence of these meta tags: if you don’t have access to the configuration of your server, that is to say, to the HTTP headers.

However, we advise you to use a configurable server so that you can establish the most efficient site possible.

This page contains 1 http-equiv meta tag. If possible, you should replace it:

    x-ua-compatible
2020-03-11 16:53:51 +01:00
Simon d18cf92c2c fix: 4 empty elements can disturb screen readers
<p>, <li>, <button>, <legend>, <caption>, <figcaption> and <quote> elements must not be empty because if they are, some screen readers will have difficulties interpreting their presence.

Remove these empty elements from your code or decorate them with the aria-hidden attribute so that the screen readers ignore them.
2020-03-11 16:47:32 +01:00
Simon 49f40a4128 feat: Remove www 2020-03-11 16:28:19 +01:00
Simon 3741f5969d fix: Width and Height is not a good solution for responsive design 2020-03-11 14:40:35 +01:00
Simon 56d883d45a feat: Add new post 2020-03-11 14:30:18 +01:00
Simon 44ca31ca65 feat: Specify a character set on server 2020-03-11 14:29:36 +01:00
Simon 0d2de1d71f feat: Specify image dimensions
https://gtmetrix.com/specify-image-dimensions.html
2020-03-11 14:29:07 +01:00
Simon ef6bab5f0d feat: Add purgecss 2020-03-11 14:04:00 +01:00
Simon a2a0f52dd8 fix: Minify HTML 2020-03-11 14:03:30 +01:00
Simon 89cb1715aa feat: Update theme 2020-03-09 16:32:16 +01:00
Simon 852ee62433 feat: Change the file modification dates to avoid an etag change 2020-03-09 16:21:05 +01:00
Simon f5122df4c7 feat: Change the link names 2020-03-09 16:19:02 +01:00
Simon 4154664d69 feat: Nginx configuration 2020-03-09 16:18:26 +01:00
Simon a0d11ff491 chore: Add staging configuration 2020-03-09 16:17:31 +01:00
Simon 08590fe3b6 feat: Update the site for better accessibility 2020-03-09 16:11:37 +01:00
Simon b00e111d67 feat: Update theme 2020-03-09 16:09:59 +01:00
Simon f26d1e6113 fix: Optimization of SVG files 2020-03-09 11:47:59 +01:00
Simon 79acd70d1c feat: Add the Ulule article 2020-03-09 11:24:58 +01:00
Simon 14ccf19183 fix: Resized images must be centered 2020-03-09 11:24:34 +01:00
Simon 7d81e5cc8f Remove nvm config 2020-02-27 11:25:43 +01:00
Simon 5007e65946 export to theme 2020-02-27 11:20:14 +01:00
Simon 5c0ac24daf Add french typography rules 2020-02-26 17:53:35 +01:00
Simon 28853145f2 save 2020-02-25 11:57:46 +01:00
Simon 9bdf14c12a Upgrade design 2020-02-20 18:29:02 +01:00
Simon 68260ed9d4 Update 2020-02-17 14:32:31 +01:00
Simon d04b9b5f55 Update book.png 2020-02-17 11:49:53 +01:00
Simon 4de21c26bc Add ftp deploy 2020-02-16 16:44:29 +01:00
Simon a8dbc19968 Update prod URL 2020-02-16 16:44:05 +01:00
Simon c806cead14 fix warning 2020-02-14 17:01:56 +01:00
Simon e5bf745a9f add font 2020-02-14 16:58:45 +01:00
Simon 49a69633ba Update 2020-02-14 16:40:46 +01:00
Simon 9a611bbf32 first version 2020-02-11 09:02:51 +01:00