Formular-Handling verbessert: CSRF-Token hinzugefügt, AJAX-Formularübermittlung implementiert und neue CSS-Stile für verschiedene Abschnitte hinzugefügt.

2025-07-31 15:47:00 +02:00
parent 3df2a0efea
commit 0e49848a78
8 changed files with 944 additions and 15 deletions
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -0,0 +1,96 @@
+# HexaHost.de .htaccess
+# Sicherheit und Performance-Optimierungen
+
+# Sicherheitsheader
+<IfModule mod_headers.c>
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options DENY
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+</IfModule>
+
+# HTTPS erzwingen (falls SSL verfügbar)
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteCond %{HTTP_HOST} ^(www\.)?hexahost\.de$ [NC]
+    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
+</IfModule>
+
+# Konfigurationsdateien schützen
+<Files "mail-config.php">
+    Order allow,deny
+    Deny from all
+</Files>
+
+<Files "composer.json">
+    Order allow,deny
+    Deny from all
+</Files>
+
+<Files "composer.lock">
+    Order allow,deny
+    Deny from all
+</Files>
+
+# Logs-Verzeichnis schützen
+<Directory "logs">
+    Order allow,deny
+    Deny from all
+</Directory>
+
+# Vendor-Verzeichnis schützen
+<Directory "vendor">
+    Order allow,deny
+    Deny from all
+</Directory>
+
+# Cache-Header für statische Dateien
+<IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresByType text/css "access plus 1 month"
+    ExpiresByType application/javascript "access plus 1 month"
+    ExpiresByType image/png "access plus 1 month"
+    ExpiresByType image/jpg "access plus 1 month"
+    ExpiresByType image/jpeg "access plus 1 month"
+    ExpiresByType image/gif "access plus 1 month"
+    ExpiresByType image/svg+xml "access plus 1 month"
+    ExpiresByType image/webp "access plus 1 month"
+    ExpiresByType font/woff "access plus 1 month"
+    ExpiresByType font/woff2 "access plus 1 month"
+</IfModule>
+
+# Gzip-Kompression
+<IfModule mod_deflate.c>
+    AddOutputFilterByType DEFLATE text/plain
+    AddOutputFilterByType DEFLATE text/html
+    AddOutputFilterByType DEFLATE text/xml
+    AddOutputFilterByType DEFLATE text/css
+    AddOutputFilterByType DEFLATE application/xml
+    AddOutputFilterByType DEFLATE application/xhtml+xml
+    AddOutputFilterByType DEFLATE application/rss+xml
+    AddOutputFilterByType DEFLATE application/javascript
+    AddOutputFilterByType DEFLATE application/x-javascript
+</IfModule>
+
+# PHP-Einstellungen
+<IfModule mod_php.c>
+    php_value upload_max_filesize 10M
+    php_value post_max_size 10M
+    php_value max_execution_time 30
+    php_value memory_limit 128M
+</IfModule>
+
+# Fehlerbehandlung
+ErrorDocument 404 /404.html
+ErrorDocument 500 /500.html
+
+# Verzeichnis-Listing deaktivieren
+Options -Indexes
+
+# Datei-Zugriff beschränken
+<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
+    Order Allow,Deny
+    Deny from all
+</FilesMatch>