mat.services/netlify.toml

[build]
  command = "zola build --drafts"
  publish = "public/"

[dev]
  command = "zola serve --drafts"
  publish = "public/"
  port = 1111

[[redirects]]
  from = "https://mat-services.netlify.app/*"
  to = "https://www.mat.services/:splat"
  force = true

[[redirects]]
  # avoid http -> https -> www double redirect
  from = "http://mat.services"
  to = "https://www.mat.services/:splat"
  force = true

[[headers]]
  for = "/*"

  [headers.values]
    # baseline cache, one hour
    Cache-Control = "public, max-age=3600"
    # disable FLoC tracking
    Permissions-Policy = "interest-cohort=()"
    # enable HSTS
    Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
    # prevent clients from sniffing the media type
    X-Content-Type-Options = "nosniff"
    # clickjacking protection
    X-Frame-Options = "DENY"
    # keep referrer data off of HTTP connections
    Referrer-Policy = "no-referrer"
    # content security policy
    # style-src 'unsafe-inline': syntax highlighting in codefences
    # sandbox allow-popups*: enable target="_blank" links to open in new tabs
    Content-Security-Policy = '''
    default-src 'none';
    img-src 'self' https://stats.mat.services;
    style-src 'self' 'unsafe-inline';
    font-src 'self';
    script-src 'self' https://stats.mat.services;
    form-action 'none';
    frame-ancestors 'none';
    base-uri 'none';
    upgrade-insecure-requests;
    sandbox
      allow-same-origin
      allow-scripts
      allow-popups 
      allow-popups-to-escape-sandbox
    '''

# per asset caching

[[headers]]
  for = "/font/*"
  [headers.values]
    # a year
    Cache-Control = "public, max-age=31536000"

[[headers]]
  for = "/image/*"
  [headers.values]
    # a month
    Cache-Control = "public, max-age=2592000"

[[headers]]
  for = "/*.webp"
  [headers.values]
    # a month
    Cache-Control = "public, max-age=2592000"

[[headers]]
  for = "/style/*"
  [headers.values]
    # a week
    Cache-Control = "public, max-age=604800"
Fly -> Netlify, drop some Nix code 2022-10-11 17:09:21 +00:00			`[build]`
Fix 404 2022-10-17 02:33:04 +00:00			`command = "zola build --drafts"`
Fly -> Netlify, drop some Nix code 2022-10-11 17:09:21 +00:00			`publish = "public/"`

			`[dev]`
			`command = "zola serve --drafts"`
			`publish = "public/"`
			`port = 1111`

Add per env headers 2022-10-21 01:01:11 +00:00			`[[redirects]]`
			`from = "https://mat-services.netlify.app/*"`
Add http->www redirect 2022-11-01 20:12:06 +00:00			`to = "https://www.mat.services/:splat"`
			`force = true`

			`[[redirects]]`
			`# avoid http -> https -> www double redirect`
			`from = "http://mat.services"`
			`to = "https://www.mat.services/:splat"`
Add per env headers 2022-10-21 01:01:11 +00:00			`force = true`
Readd headers to config 2022-10-21 01:33:19 +00:00
			`[[headers]]`
			`for = "/*"`

			`[headers.values]`
Add per asset caching 2022-10-21 04:38:07 +00:00			`# baseline cache, one hour`
			`Cache-Control = "public, max-age=3600"`
Readd headers to config 2022-10-21 01:33:19 +00:00			`# disable FLoC tracking`
			`Permissions-Policy = "interest-cohort=()"`
			`# enable HSTS`
			`Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"`
Rewrite CSP 2022-10-23 15:43:29 +00:00			`# prevent clients from sniffing the media type`
Readd headers to config 2022-10-21 01:33:19 +00:00			`X-Content-Type-Options = "nosniff"`
			`# clickjacking protection`
			`X-Frame-Options = "DENY"`
			`# keep referrer data off of HTTP connections`
			`Referrer-Policy = "no-referrer"`
			`# content security policy`
			`# style-src 'unsafe-inline': syntax highlighting in codefences`
Rewrite CSP 2022-10-23 15:43:29 +00:00			`# sandbox allow-popups*: enable target="_blank" links to open in new tabs`
Try reverting headers 2022-10-21 01:48:11 +00:00			`Content-Security-Policy = '''`
			`default-src 'none';`
Rewrite CSP 2022-10-23 15:43:29 +00:00			`img-src 'self' https://stats.mat.services;`
			`style-src 'self' 'unsafe-inline';`
			`font-src 'self';`
Drop strict-dynamic 2022-11-25 23:24:54 +00:00			`script-src 'self' https://stats.mat.services;`
Try reverting headers 2022-10-21 01:48:11 +00:00			`form-action 'none';`
			`frame-ancestors 'none';`
			`base-uri 'none';`
			`upgrade-insecure-requests;`
			`sandbox`
			`allow-same-origin`
			`allow-scripts`
			`allow-popups`
			`allow-popups-to-escape-sandbox`
			`'''`
Reorder ??? 2022-10-21 04:40:42 +00:00
			`# per asset caching`

			`[[headers]]`
			`for = "/font/*"`
			`[headers.values]`
			`# a year`
			`Cache-Control = "public, max-age=31536000"`

			`[[headers]]`
			`for = "/image/*"`
			`[headers.values]`
			`# a month`
			`Cache-Control = "public, max-age=2592000"`

			`[[headers]]`
			`for = "/*.webp"`
			`[headers.values]`
			`# a month`
			`Cache-Control = "public, max-age=2592000"`

			`[[headers]]`
			`for = "/style/*"`
			`[headers.values]`
			`# a week`
			`Cache-Control = "public, max-age=604800"`