cgit
****

https://git.zx2c4.com/cgit/: A hyperfast web frontend for git repositories written in C.

Apache
------

.. literalinclude:: cgit_headers.j2
   :caption: cgit_headers
   :name: cgit_headers.j2
   :language: apacheconf

.. literalinclude:: cgit.j2
   :caption: cgit
   :name: cgit.j2
   :language: apacheconf


robots.txt
----------

.. code-block:: console

  # su - rcube -s /bin/bash
  $ cd ~/public_html
  $ cat << EOF > robots.txt
  cat robots.txt
  User-agent: *
  Crawl-Delay: 3
  Disallow: /*?*
  $ chmod 644 robots.txt


security.txt
------------

.. code-block:: console

  # su - rcube -s /bin/bash
  $ install -d -m 0755 ~/public_html/.well-known
  $ cd ~/public_html/.well-known
  $ wget -N https://www.cgsecurity.org/.well-known/security.txt
  $ chmod 644 security.txt


Audit
-----

.. literalinclude:: cgit_check.py
   :caption: cgit_check.py
   :name: cgit_check-py
   :language: python

.. literalinclude:: cgit_check.txt
   :caption: cgit_check.py output
   :name: cgit_check-txt

.. code-block:: console
  :name: git_twa

  $ twa -d git.cgsecurity.org|grep -v PASS
  MEH(git.cgsecurity.org): TWA-0215: Content-Security-Policy 'default-src' is ''self''
  FAIL(git.cgsecurity.org): TWA-0220: Feature-Policy missing


https://developer.mozilla.org/en-US/observatory/analyze?host=git.cgsecurity.org