mat
/
mat.services
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mess with headers again
continuous-integration/drone/push Build is passing Details
continuous-integration/drone Build is passing Details

pull/1/head
mat ess 2022-10-20 21:57:27 -04:00
parent fcb3a22615
commit 656df35578
3 changed files with 5 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.drone.jsonnet
View File

@ -27,6 +27,7 @@ local NetlifyStep(env) =
settings: {
token: { from_secret: 'netlify_token' },
site: { from_secret: 'netlify_site_id' },
alias: env,
path: '/site',
prod: prod,
},

7
flake.nix
View File

@ -21,14 +21,15 @@
buildSite = { prod }:
let
inherit (pkgs.lib) optionalString;
ifStaging = optionalString (!prod);
rev = if (self ? rev) then self.rev else "dirty";
in
''
optimize-images
${optionalString (!prod) "BASE_URL=https://${rev}--mat-services.netlify.app"}
zola build --drafts ${optionalString (!prod) "--base-url $BASE_URL"}
${ifStaging "BASE_URL=https://${rev}--mat-services.netlify.app"}
zola build --drafts ${ifStaging "--base-url $BASE_URL"}
# zola's ignored_content setting doesn't work in static/
cp headers/${if prod then "production" else "staging"} public/_headers
${ifStaging "cp headers/staging public/_headers"}
rm -rf public/image/_favicon.svg
'';
in

15
headers/production
View File

@ -1,15 +0,0 @@
/*
# disable FLoC tracking
Permissions-Policy: interest-cohort=()
# enable HSTS
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
# disable clients from sniffing the media type
X-Content-Type-Options: nosniff
# clickjacking protection
X-Frame-Options: DENY
# keep referrer data off of HTTP connections
Referrer-Policy: no-referrer
# content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences
# sandbox allow-popups: enable target="_blank" links to open in new tabs
Content-Security-Policy: default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox