On Wed, 19 Feb 2025 16:59:33 +0100 Bernhard Reiter via Gnupg-users <gnupg-users@gnupg.org> wrote: > > https://webkeydirectory.com > > [...] > the SHOULD content-type is indicated in red, but I've also learned > that my policy file had a defect. So it is useful. :) > > [...] > > the checker also recommends to set > The Access-Control-Allow-Origin: * header is needed to allow > OpenPGP clients to fetch the policy from a different domain, > bypassing CORS restrictions.
This is indeed a nice tool which helps fine tuning the configuration and debugging errors. Three resolved issues (and one open but understood) in less than four weeks make the admin smile at least a little while and are a reasonably good count. For user only (non-root) permission environments, e.g. webspace but not server contracts, I figured out the following htaccess lines to be helpful for apache web server: ----> Header add Access-Control-Allow-Origin "*" ForceType application/octet-stream <---- In server environments with root permission to edit the main configuration of a vhost it might be good advice to restrict those to a path (and ifmodule mod_mime.c) dependent substructure. I improved both kinds of situation to a full green output and learned a few things. -- kind regards Frank
pgpK1DrDabN5M.pgp
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
