From 43a724b98c6163e183b3295bf853326c240a5311 Mon Sep 17 00:00:00 2001
From: Andreas Gerstenberg <gerstenberg@pixelpark.com>
Date: Thu, 19 Oct 2017 10:25:12 +0200
Subject: [PATCH] spk-spar-checker update configs

---
 customer/spk-spar-checker/production.yaml | 3 ++-
 customer/spk-spar-checker/test.yaml       | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml
index 46ddfb53..e1ea3591 100644
--- a/customer/spk-spar-checker/production.yaml
+++ b/customer/spk-spar-checker/production.yaml
@@ -41,6 +41,7 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
       - 'always set Strict-Transport-Security: "max-age=15768001"'
+      - 'always set Referrer-Policy "origin"'
       - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
 
     aliases:
@@ -163,7 +164,7 @@ infra::profile::apache::pp_vhosts:
               - '.* /404.html [R=404,L]'
 
       - provider: filesmatch
-        path: '\.(ttf|otf|eot|woff)$'
+        path: '\.(ttf|otf|eot|woff|woff2)$'
         headers:
           - 'always set Access-Control-Allow-Origin "*"'
     rewrites:
diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml
index b95c29b2..030f81c5 100644
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -39,6 +39,7 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
       - 'always set Strict-Transport-Security: "max-age=15768001"'
+      - 'always set Referrer-Policy "origin"'
       - "set Content-Security-Policy \"default-src 'none'; connect-src 'self'; script-src 'self' data: www.google-analytics.com 'sha256-aed8ae7e95bc21fd56a9074f9eedd4db237cf41ebb8ea603d8bf6764f0d23f4c'; style-src 'self' data: https://webfonts.sparkasse.de 'unsafe-inline'; img-src 'self' data: img.vxcdn.com www.google-analytics.com www.verivox.de; font-src 'self' data: https://webfonts.sparkasse.de; child-src 'self'; object-src 'self'; form-action 'self'; report-uri /api/v1/report;\""
 
     aliases:
@@ -161,7 +162,7 @@ infra::profile::apache::pp_vhosts:
               - '.* /404.html [R=404,L]'
 
       - provider: filesmatch
-        path: '\.(ttf|otf|eot|woff)$'
+        path: '\.(ttf|otf|eot|woff|woff2)$'
         headers:
           - 'always set Access-Control-Allow-Origin "*"'
     rewrites:
-- 
2.39.5