mat.services/netlify.toml

82 lines
2.0 KiB
TOML
Raw Normal View History

2022-10-11 17:09:21 +00:00
[build]
2022-10-17 02:33:04 +00:00
command = "zola build --drafts"
2022-10-11 17:09:21 +00:00
publish = "public/"
[dev]
command = "zola serve --drafts"
publish = "public/"
port = 1111
2022-10-21 01:01:11 +00:00
[[redirects]]
from = "https://mat-services.netlify.app/*"
2022-11-01 20:12:06 +00:00
to = "https://www.mat.services/:splat"
force = true
[[redirects]]
# avoid http -> https -> www double redirect
from = "http://mat.services"
to = "https://www.mat.services/:splat"
2022-10-21 01:01:11 +00:00
force = true
2022-10-21 01:33:19 +00:00
[[headers]]
for = "/*"
[headers.values]
2022-10-21 04:38:07 +00:00
# baseline cache, one hour
Cache-Control = "public, max-age=3600"
2022-10-21 01:33:19 +00:00
# disable FLoC tracking
Permissions-Policy = "interest-cohort=()"
# enable HSTS
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
2022-10-23 15:43:29 +00:00
# prevent clients from sniffing the media type
2022-10-21 01:33:19 +00:00
X-Content-Type-Options = "nosniff"
# clickjacking protection
X-Frame-Options = "DENY"
# keep referrer data off of HTTP connections
Referrer-Policy = "no-referrer"
# content security policy
# style-src 'unsafe-inline': syntax highlighting in codefences
2022-10-23 15:43:29 +00:00
# sandbox allow-popups*: enable target="_blank" links to open in new tabs
2022-10-21 01:48:11 +00:00
Content-Security-Policy = '''
default-src 'none';
2022-10-23 15:43:29 +00:00
img-src 'self' https://stats.mat.services;
style-src 'self' 'unsafe-inline';
font-src 'self';
2022-10-23 15:51:11 +00:00
script-src 'sha256-a8rh6u3maZ6JiY6w6zsLlw9OUQf2tFPUX3t1/BV+RKc=' 'strict-dynamic';
2022-10-21 01:48:11 +00:00
form-action 'none';
frame-ancestors 'none';
base-uri 'none';
upgrade-insecure-requests;
sandbox
allow-same-origin
allow-scripts
allow-popups
allow-popups-to-escape-sandbox
'''
2022-10-21 04:40:42 +00:00
# per asset caching
[[headers]]
for = "/font/*"
[headers.values]
# a year
Cache-Control = "public, max-age=31536000"
[[headers]]
for = "/image/*"
[headers.values]
# a month
Cache-Control = "public, max-age=2592000"
[[headers]]
for = "/*.webp"
[headers.values]
# a month
Cache-Control = "public, max-age=2592000"
[[headers]]
for = "/style/*"
[headers.values]
# a week
Cache-Control = "public, max-age=604800"