From 14d8af4ac96a0918713f63e370f894b4305bb025 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Colombaro?= Date: Mon, 5 Dec 2022 20:06:43 +0000 Subject: [PATCH] Release v6.0.0 --- CHANGELOG.md | 27 +++++- dist/.htaccess | 258 ++++++++++++++++++++++++++----------------------- package.json | 2 +- 3 files changed, 162 insertions(+), 125 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e1fd76f5..f63174d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,10 +1,27 @@ +### 6.0.0 (December 5, 2022) + +* 🎉 Significant improvement on `Cache-Control` definition and usage + * `Cache-Control` boilerplate with extensive control + [https://github.com/h5bp/server-configs-apache/pull/325] +* Reorder and improve cache expiration `ExpiresByType` map + [https://github.com/h5bp/server-configs-apache/pull/326] +* Add a notice for directory index with pre-compressed content + [https://github.com/h5bp/server-configs-apache/pull/311] +* Drop `image/avif-sequence` MIME type + [https://github.com/h5bp/server-configs-apache/pull/316] +* Improve inline comments. + ### 5.1.0 (May 9, 2022) -* Extend default, media and font cache TTL to 1 year [[5df6946](https://github.com/h5bp/server-configs-apache/commit/5df69464885605ded1f4b0ef04cb84f1b8bd8010)] -* Support `ETags` at server level [[7956cbc](https://github.com/h5bp/server-configs-apache/commit/7956cbcecd33c20f13357284f3f355c658755115)] -* Add `image/x-icon` compression support [[69ddeda](https://github.com/h5bp/server-configs-apache/commit/69ddeda3781762eb2aba8b5152f2e9d2fa56c90a)] -* Improve module checks validations [[cb8ef1b](https://github.com/h5bp/server-configs-apache/commit/cb8ef1be06a93d43db6dc525005e2638b8ef687b])] -* Improve inline comments +* Extend default, media and font cache TTL to 1 year + [[5df6946](https://github.com/h5bp/server-configs-apache/commit/5df69464885605ded1f4b0ef04cb84f1b8bd8010)] +* Support `ETags` at server level + [[7956cbc](https://github.com/h5bp/server-configs-apache/commit/7956cbcecd33c20f13357284f3f355c658755115)] +* Add `image/x-icon` compression support + [[69ddeda](https://github.com/h5bp/server-configs-apache/commit/69ddeda3781762eb2aba8b5152f2e9d2fa56c90a)] +* Improve module checks validations + [[cb8ef1b](https://github.com/h5bp/server-configs-apache/commit/cb8ef1be06a93d43db6dc525005e2638b8ef687b])] +* Improve inline comments. ### 5.0.0 (July 31, 2021) diff --git a/dist/.htaccess b/dist/.htaccess index 2af2e5c9..7500f054 100644 
--- a/dist/.htaccess +++ b/dist/.htaccess @@ -1,4 +1,4 @@ -# Apache Server Configs v5.1.0 | MIT License +# Apache Server Configs v6.0.0 | MIT License # https://github.com/h5bp/server-configs-apache # (!) Using `.htaccess` files slows down Apache, therefore, if you have @@ -160,8 +160,7 @@ Options -MultiViews AddType audio/mp4 f4a f4b m4a AddType audio/ogg oga ogg opus - AddType image/avif avif - AddType image/avif-sequence avifs + AddType image/avif avif avifs AddType image/bmp bmp AddType image/jxl jxl AddType image/svg+xml svg svgz @@ -691,7 +690,7 @@ AddDefaultCharset utf-8 # https://scotthelme.co.uk/a-new-security-header-referrer-policy/ # -# # (1) +# # (1) # Header always set Referrer-Policy "strict-origin-when-cross-origin" "expr=%{CONTENT_TYPE} =~ m#text\/(css|html|javascript)|application\/pdf|xml#i" # @@ -931,6 +930,11 @@ ServerSignature Off # (!) To make this part relevant, you need to generate encoded files by your # own. Enabling this part will not auto-generate brotlied files. # +# (!) In special case of serving pre-compressed content only, note that +# `DirectoryIndex` directive adjustments could be required to change +# default resources priorities. +# https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +# # (1) Remove default Content-Language header added for .br files. # https://httpd.apache.org/docs/current/mod/mod_mime.html#multipleext # 
@@ -994,13 +998,18 @@ ServerSignature Off # (!) To make this part relevant, you need to generate encoded files by your # own. Enabling this part will not auto-generate gziped files. # -# https://httpd.apache.org/docs/current/mod/mod_deflate.html#precompressed +# (!) In special case of serving pre-compressed content only, note that +# `DirectoryIndex` directive adjustments could be required to change +# default resources priorities. +# https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex # # (1) Removing default MIME Type for .gz files allowing to add custom # sub-types. # You may prefer using less generic extensions such as .html_gz in order to # keep the default behavior regarding .gz files. # https://httpd.apache.org/docs/current/mod/mod_mime.html#removetype +# +# https://httpd.apache.org/docs/current/mod/mod_deflate.html#precompressed # 
@@ -1046,38 +1055,6 @@ ServerSignature Off # -# ---------------------------------------------------------------------- -# | Content transformation | -# ---------------------------------------------------------------------- - -# Prevent intermediate caches or proxies (such as those used by mobile -# network providers) and browsers data-saving features from modifying -# the website's content using the `cache-control: no-transform` directive. -# -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control -# https://tools.ietf.org/html/rfc7234#section-5.2.2.4 -# -# (!) Carefully consider the impact on your visitors before disabling -# content transformation. These transformations are performed to -# improve the experience for data- and cost-constrained users -# (e.g. users on a 2G connection). -# -# You can test the effects of content transformation applied by -# Google's Lite Mode by visiting: https://googleweblight.com/i?u=https://www.example.com -# -# https://support.google.com/webmasters/answer/6211428 -# -# (!) If you are using `mod_pagespeed`, note that disabling this will -# prevent `PageSpeed` from rewriting HTML files, and, if the -# `ModPagespeedDisableRewriteOnNoTransform` directive isn't set to -# `off`, also from rewriting other resources. -# -# https://developers.google.com/speed/pagespeed/module/configuration#notransform - -# -# Header merge Cache-Control "no-transform" -# - # ---------------------------------------------------------------------- # | ETags | # ---------------------------------------------------------------------- 
@@ -1105,7 +1082,7 @@ FileETag None # Serve resources with a far-future expiration date. # # (!) If you don't control versioning with filename-based cache busting, you -# should consider lowering the cache times to something like one week. +# should consider lowering the cache times to something like one week. # # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires 
@@ -1114,112 +1091,155 @@ FileETag None ExpiresActive on - ExpiresDefault "access plus 1 year" - - # CSS - - ExpiresByType text/css "access plus 1 year" - - # Data interchange - - ExpiresByType application/atom+xml "access plus 1 hour" - ExpiresByType application/rdf+xml "access plus 1 hour" - ExpiresByType application/rss+xml "access plus 1 hour" - - ExpiresByType application/json "access plus 0 seconds" - ExpiresByType application/ld+json "access plus 0 seconds" - ExpiresByType application/schema+json "access plus 0 seconds" - ExpiresByType application/geo+json "access plus 0 seconds" - ExpiresByType application/xml "access plus 0 seconds" - ExpiresByType text/calendar "access plus 0 seconds" - ExpiresByType text/xml "access plus 0 seconds" - - - # Favicon (cannot be renamed!) and cursor images + # Default: Fallback + ExpiresDefault "access plus 1 year" + # Specific: Assets ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" - # HTML - - ExpiresByType text/html "access plus 0 seconds" - - - # JavaScript - - ExpiresByType application/javascript "access plus 1 year" - ExpiresByType application/x-javascript "access plus 1 year" - ExpiresByType text/javascript "access plus 1 year" - - - # Manifest files - + # Specific: Manifests ExpiresByType application/manifest+json "access plus 1 week" - ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" - ExpiresByType text/cache-manifest "access plus 0 seconds" - - - # Markdown + ExpiresByType application/x-web-app-manifest+json "access" + ExpiresByType text/cache-manifest "access" - ExpiresByType text/markdown "access plus 0 seconds" + # Specific: Data interchange + ExpiresByType application/atom+xml "access plus 1 hour" + ExpiresByType application/rdf+xml "access plus 1 hour" + ExpiresByType application/rss+xml "access plus 1 hour" + # Specific: Documents + ExpiresByType text/html "access" + ExpiresByType text/markdown "access" + ExpiresByType 
text/calendar "access" - # Media files + # Specific: Other + ExpiresByType text/x-cross-domain-policy "access plus 1 week" - ExpiresByType audio/ogg "access plus 1 year" - ExpiresByType image/apng "access plus 1 year" - ExpiresByType image/avif "access plus 1 year" - ExpiresByType image/avif-sequence "access plus 1 year" - ExpiresByType image/bmp "access plus 1 year" - ExpiresByType image/gif "access plus 1 year" - ExpiresByType image/jpeg "access plus 1 year" - ExpiresByType image/jxl "access plus 1 year" - ExpiresByType image/png "access plus 1 year" - ExpiresByType image/svg+xml "access plus 1 year" - ExpiresByType image/webp "access plus 1 year" - ExpiresByType video/mp4 "access plus 1 year" - ExpiresByType video/ogg "access plus 1 year" - ExpiresByType video/webm "access plus 1 year" + # Generic: Data + ExpiresByType application/json "access" + ExpiresByType application/ld+json "access" + ExpiresByType application/schema+json "access" + ExpiresByType application/geo+json "access" + ExpiresByType application/xml "access" + ExpiresByType text/xml "access" + + # Generic: WebAssembly + # ExpiresByType application/wasm "access plus 1 year" # default + + # Generic: Assets + # ExpiresByType application/javascript "access plus 1 year" # default + # ExpiresByType application/x-javascript "access plus 1 year" # default + # ExpiresByType text/javascript "access plus 1 year" # default + # ExpiresByType text/css "access plus 1 year" # default + + # Generic: Medias + # ExpiresByType audio/* "access plus 1 year" # default + # ExpiresByType image/* "access plus 1 year" # default + # ExpiresByType video/* "access plus 1 year" # default + # ExpiresByType font/* "access plus 1 year" # default + - # WebAssembly +# ---------------------------------------------------------------------- +# | Cache Control | +# ---------------------------------------------------------------------- - ExpiresByType application/wasm "access plus 1 year" +# Serve resources with appropriate cache control 
directives. +# +# The `Cache-Control` header field holds directives (instructions) that control +# caching in browsers and shared caches (e.g. Proxies, CDNs). +# Its use targets web performances improvement by specifying the expected +# client and network caches behaviors. +# +# The usable cache directives are listed here: +# https://www.iana.org/assignments/http-cache-directives/http-cache-directives.xml +# +# The cache directives are documented here: +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#response_directives +# +# (!) Enable and configure this configuration with care. +# Default values should embrace conformance for static files and simple +# apps, but cache control definition at backend level is highly preferred. +# Incorrect directives can lead to data leaks, or can degrade performances. +# +# More specifically, in-depth understanding on `public` vs `private` +# directives meanings is highly recommended. A resource with `public` will +# be cached by shared caches like CDN, even if a user session is active. +# +# (!) The config directive `Header` must be used with the appropriate action. +# Depending on the need, `merge` keeps the current value, if any, of +# `Cache-Control` header, while `set` reset the value including the one +# added by `ExpiresByType` directive in the cache expiration config file +# h5bp/web_performance/cache_expiration.conf. 
+# https://httpd.apache.org/docs/current/mod/mod_headers.html#header +# +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control +# https://www.rfc-editor.org/rfc/rfc9111.html +# https://www.rfc-editor.org/rfc/rfc8246.html +# https://www.rfc-editor.org/rfc/rfc5861.html +# https://www.iana.org/assignments/http-cache-directives/http-cache-directives.xml +# https://cache-tests.fyi/ +# - # Web fonts +# # Default +# Header merge Cache-Control "public, immutable, stale-while-revalidate" "expr=%{resp:Cache-Control} == 'max-age=31536000'" - # Collection - ExpiresByType font/collection "access plus 1 year" +# # No content +# Header merge Cache-Control "no-store" "expr=-z %{CONTENT_TYPE}" - # Embedded OpenType (EOT) - ExpiresByType application/vnd.ms-fontobject "access plus 1 year" - ExpiresByType font/eot "access plus 1 year" +# # Manifest files +# Header merge Cache-Control "public" "expr=%{CONTENT_TYPE} =~ m#application/manifest\+json#i" +# Header set Cache-Control "no-cache" "expr=%{CONTENT_TYPE} =~ m#text/cache-manifest#i" - # OpenType - ExpiresByType font/opentype "access plus 1 year" - ExpiresByType font/otf "access plus 1 year" +# # Assets +# Header merge Cache-Control "public, immutable, stale-while-revalidate" "expr=%{CONTENT_TYPE} =~ m#image/x-icon#i" - # TrueType - ExpiresByType application/x-font-ttf "access plus 1 year" - ExpiresByType font/ttf "access plus 1 year" +# # Data interchange +# Header merge Cache-Control "public, stale-while-revalidate" "expr=%{CONTENT_TYPE} =~ m#application/(atom|rdf|rss)\+xml#i" - # Web Open Font Format (WOFF) 1.0 - ExpiresByType application/font-woff "access plus 1 year" - ExpiresByType application/x-font-woff "access plus 1 year" - ExpiresByType font/woff "access plus 1 year" +# # Documents +# Header set Cache-Control "no-cache, private, must-revalidate" "expr=%{CONTENT_TYPE} =~ m#text/(html|markdown|calendar)#i" - # Web Open Font Format (WOFF) 2.0 - ExpiresByType application/font-woff2 "access plus 1 year" - 
ExpiresByType font/woff2 "access plus 1 year" +# # Data +# Header set Cache-Control "no-cache" "expr=%{CONTENT_TYPE} =~ m#json|xml#i && %{CONTENT_TYPE} !~ m#/(atom|rdf|rss|manifest|svg)\+#i" +# - # Other +# ---------------------------------------------------------------------- +# | Content transformation | +# ---------------------------------------------------------------------- - ExpiresByType text/x-cross-domain-policy "access plus 1 week" +# Prevent intermediate caches or proxies (such as those used by mobile +# network providers) and browsers data-saving features from modifying +# the website's content using the `no-transform` directive for +# `Cache-Control` header. +# +# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control +# https://tools.ietf.org/html/rfc7234#section-5.2.2.4 +# +# (!) Carefully consider the impact on your visitors before disabling +# content transformation. These transformations are performed to +# improve the experience for data- and cost-constrained users +# (e.g. users on a 2G connection). +# +# You can test the effects of content transformation applied by +# Google's Lite Mode by visiting: https://googleweblight.com/i?u=https://www.example.com +# +# https://support.google.com/webmasters/answer/6211428 +# +# (!) If you are using `mod_pagespeed`, note that disabling this will +# prevent `PageSpeed` from rewriting HTML files, and, if the +# `ModPagespeedDisableRewriteOnNoTransform` directive isn't set to +# `off`, also from rewriting other resources. +# +# https://developers.google.com/speed/pagespeed/module/configuration#notransform - +# +# Header merge Cache-Control "no-transform" +# # ---------------------------------------------------------------------- # | File concatenation | diff --git a/package.json b/package.json index b221d61d..efe77f13 100644 --- a/package.json +++ b/package.json 
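Review bot: The `# Default` rule in the new Cache Control section matches only on `%{resp:Cache-Control} == 'max-age=31536000'`, the value `ExpiresDefault "access plus 1 year"` gives every content type not listed in the map, so once uncommented it marks any such response `public, immutable` regardless of what it is. The section's own warning says a `public` resource is kept by shared caches even when a user session is active, so a per-user response of an unlisted type that carries no caching headers of its own would presumably be shared for a year; limiting the rule to static types closes that, e.g. appending `&& %{CONTENT_TYPE} =~ m#^(audio|image|video|font)/|text/css|javascript|application/wasm#i` to the expression. The `Header set` lines for Documents and Data replace whatever the backend sent, so a backend `no-store` on HTML or JSON becomes `no-cache`; I would add `# (!) "set" also overrides a stricter backend value such as no-store` above them or guard on `%{resp:Cache-Control}`. `stale-while-revalidate` is also written without the delta-seconds value RFC 5861 defines for it, so caches are likely to ignore it.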
@@ -1,6 +1,6 @@ { "name": "apache-server-configs", - "version": "5.1.0", + "version": "6.0.0", "author": "The H5BP Team", "description": "Boilerplate configurations for the Apache HTTP server", "repository": "h5bp/server-configs-apache",