reverted hugo config to single file, server headers are always used l…

…ocally
cryptomator · Jul 18, 2024 · 958a8a6 · 958a8a6
1 parent 96e1d2f
commit 958a8a6
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 14 deletions.
diff --git a/config/development/server.toml b/config/development/server.toml
diff --git a/config/production/server.toml b/config/production/server.toml
diff --git a/config/_default/hugo.toml → hugo.toml b/config/_default/hugo.toml → hugo.toml
@@ -111,3 +111,11 @@ block = true
 
 [permalinks]
   blog = "/blog/:year/:month/:day/:slug/"
+
+[server]
+  [[server.headers]]
+      for = '/**'
+      [server.headers.values]
+        Content-Security-Policy = "default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://i.ytimg.com/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/ http://localhost:8787/ https://api.github.com/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'"
+        Strict-Transport-Security = "max-age=31536000; includeSubDomains"
+        X-Content-Type-Options = "nosniff"