# Netlify configuration file
[build]
# Directory to publish. "." publishes the build's base directory itself rather
# than a dedicated output folder such as dist/ or public/.
# NOTE(review): with "." every file in that directory becomes part of the
# deployed site, presumably including this netlify.toml and any notes, scripts
# or config committed alongside the pages. Confirm nothing in the tree is
# meant to stay private, or publish a dedicated subdirectory instead.
publish = "."
# Redirects configuration
# Rule order matters: Netlify applies the first rule that matches, so the
# host-specific rules below must stay above the "/*" catch-all.
#
# Vanity host -> GitHub profile. ":splat" carries over whatever path matched
# the "*", so a request for /<repo> on this host lands on the same path under
# the GitHub account. The destination scheme, host and account prefix are
# hard-coded; only the trailing path comes from the request.
[[redirects]]
from = "https://git.thayn.me/*"
to = "https://github.com/AnalogCyan/:splat"
# 301 is permanent and is cached by browsers, so a later change to the target
# takes effect slowly for returning visitors.
status = 301
# force = true applies the redirect even when a file exists at the requested path.
force = true
# Same redirect for the second vanity host.
[[redirects]]
from = "https://git.thayn.gay/*"
to = "https://github.com/AnalogCyan/:splat"
status = 301
force = true
# Single-page-app fallback: status 200 makes this a rewrite (the URL does not
# change) that serves /index.html. There is no force = true here, so files
# that exist at the requested path are still served as themselves.
# NOTE(review): a side effect is that unknown paths answer 200 instead of 404,
# which hides broken links from uptime checks and makes log-based detection of
# path probing noisier. Confirm this is intended.
[[redirects]]
from = "/*"
to = "/index.html"
status = 200
# Custom headers for security, applied to every path on the site
[[headers]]
for = "/*"
[headers.values]
# Prevent clickjacking: the page may not be rendered inside any frame.
# NOTE(review): the CSP below has no frame-ancestors directive, so this legacy
# header is the only framing control. frame-ancestors 'none' is the current
# equivalent and does not fall back to default-src.
X-Frame-Options = "DENY"
# Enable HSTS with a max age of 1 year (31536000 seconds).
# includeSubDomains extends the HTTPS-only rule to every subdomain of the
# serving host, and preload declares consent to be hard-coded into browser
# preload lists.
# NOTE(review): preload is slow to undo once a domain is listed; confirm every
# subdomain of each domain serving this site is reachable over HTTPS.
Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
# Prevent MIME type sniffing: browsers must honour the declared Content-Type.
X-Content-Type-Options = "nosniff"
# Legacy XSS filter switch.
# NOTE(review): current browsers have removed the XSS auditor this header
# controlled, so it adds no protection there and "1; mode=block" could be
# abused for side-channel leaks in older ones. Current guidance is to send
# "0" or omit the header and rely on the Content-Security-Policy.
X-XSS-Protection = "1; mode=block"
# Content Security Policy.
# default-src 'self' is the fallback for fetch directives not listed here.
# NOTE(review): script-src allows both 'unsafe-inline' and 'unsafe-eval',
# which permits injected inline script and string-to-code evaluation, i.e. the
# two things a CSP is mainly deployed to stop. If the site's scripts allow it,
# move inline code to files (or use nonces/hashes) and drop both keywords.
# NOTE(review): base-uri, form-action and frame-ancestors are not covered by
# default-src and are absent from this policy, so they are unrestricted.
Content-Security-Policy = "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self';"
# Disable caching: no-store tells browsers and intermediaries not to keep any
# copy of the response.
# NOTE(review): the original comment says this is for development, but the
# rule has no deploy-context condition and so presumably applies to the
# production site too. Confirm whether that is intended.
Cache-Control = "no-store"
# Headers for specific paths
# Each rule below sets only Cache-Control = "no-store" for one asset folder.
# NOTE(review): the "/*" rule earlier in this file already sends the same
# Cache-Control value for every path, so these three rules look redundant.
# Confirm how Netlify combines overlapping header rules before removing or
# changing them, so the header is not emitted twice or left inconsistent.
[[headers]]
for = "/media/*"
[headers.values]
# Disable caching for development
Cache-Control = "no-store"
[[headers]]
for = "/css/*"
[headers.values]
# Disable caching for development
Cache-Control = "no-store"
[[headers]]
for = "/js/*"
[headers.values]
# Disable caching for development
Cache-Control = "no-store"