The public/htaccess.dist distributed with the repo combines modules from the H5BP Apache Server Configs and Jeff Starr’s Perishable Press 7G Firewall.
This repo uses a .htaccess configuration file located in the server-configs directory. This kind of file is described on the H5BP Apache Server Configs project site. Have a look at their docs on how to tweak your .htaccess file.
To build a new public/htaccess.dist file:
$ composer htaccess
$ cp public/htaccess.dist public/.htaccess
Do not forget to edit or add your contact data to the HTML files inside the public/errordocs/ directory. To disable custom error documents, look inside the .htaccess configuration file – you’ll find this line:
enable "resources/server-configs/custom-errorpages.conf"
Simply change to disable … and rebuild the .htaccess.
The web app uses \Middlewares\CSP middleware for certain routes. The value of the CSP header can be defined in configs/csp.dist.yaml (or configs/csp.yaml, respectively).
The distributed csp.dist.yaml creates the same CSP headers than those used in the H5BP Apache Server Configs project. Head over to their original content-security snippet: content-security-policy.conf