2022-10-11 17:09:21 +00:00
|
|
|
[build]
|
2022-10-17 02:33:04 +00:00
|
|
|
command = "zola build --drafts"
|
2022-10-11 17:09:21 +00:00
|
|
|
publish = "public/"
|
|
|
|
|
|
|
|
[dev]
|
|
|
|
command = "zola serve --drafts"
|
|
|
|
publish = "public/"
|
|
|
|
port = 1111
|
|
|
|
|
2022-10-21 01:01:11 +00:00
|
|
|
[[redirects]]
|
|
|
|
from = "https://mat-services.netlify.app/*"
|
2022-11-01 20:12:06 +00:00
|
|
|
to = "https://www.mat.services/:splat"
|
|
|
|
force = true
|
|
|
|
|
|
|
|
[[redirects]]
|
|
|
|
# avoid http -> https -> www double redirect
|
|
|
|
from = "http://mat.services"
|
|
|
|
to = "https://www.mat.services/:splat"
|
2022-10-21 01:01:11 +00:00
|
|
|
force = true
|
2022-10-21 01:33:19 +00:00
|
|
|
|
|
|
|
[[headers]]
|
|
|
|
for = "/*"
|
|
|
|
|
|
|
|
[headers.values]
|
2022-10-21 04:38:07 +00:00
|
|
|
# baseline cache, one hour
|
|
|
|
Cache-Control = "public, max-age=3600"
|
2022-10-21 01:33:19 +00:00
|
|
|
# disable FLoC tracking
|
|
|
|
Permissions-Policy = "interest-cohort=()"
|
|
|
|
# enable HSTS
|
|
|
|
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
|
2022-10-23 15:43:29 +00:00
|
|
|
# prevent clients from sniffing the media type
|
2022-10-21 01:33:19 +00:00
|
|
|
X-Content-Type-Options = "nosniff"
|
|
|
|
# clickjacking protection
|
|
|
|
X-Frame-Options = "DENY"
|
|
|
|
# keep referrer data off of HTTP connections
|
|
|
|
Referrer-Policy = "no-referrer"
|
|
|
|
# content security policy
|
|
|
|
# style-src 'unsafe-inline': syntax highlighting in codefences
|
2022-10-23 15:43:29 +00:00
|
|
|
# sandbox allow-popups*: enable target="_blank" links to open in new tabs
|
2022-10-21 01:48:11 +00:00
|
|
|
Content-Security-Policy = '''
|
|
|
|
default-src 'none';
|
2022-10-23 15:43:29 +00:00
|
|
|
img-src 'self' https://stats.mat.services;
|
|
|
|
style-src 'self' 'unsafe-inline';
|
|
|
|
font-src 'self';
|
2022-11-25 23:24:54 +00:00
|
|
|
script-src 'self' https://stats.mat.services;
|
2022-10-21 01:48:11 +00:00
|
|
|
form-action 'none';
|
|
|
|
frame-ancestors 'none';
|
|
|
|
base-uri 'none';
|
|
|
|
upgrade-insecure-requests;
|
|
|
|
sandbox
|
|
|
|
allow-same-origin
|
|
|
|
allow-scripts
|
|
|
|
allow-popups
|
|
|
|
allow-popups-to-escape-sandbox
|
|
|
|
'''
|
2022-10-21 04:40:42 +00:00
|
|
|
|
|
|
|
# per asset caching
|
|
|
|
|
|
|
|
[[headers]]
|
|
|
|
for = "/font/*"
|
|
|
|
[headers.values]
|
|
|
|
# a year
|
|
|
|
Cache-Control = "public, max-age=31536000"
|
|
|
|
|
|
|
|
[[headers]]
|
|
|
|
for = "/image/*"
|
|
|
|
[headers.values]
|
|
|
|
# a month
|
|
|
|
Cache-Control = "public, max-age=2592000"
|
|
|
|
|
|
|
|
[[headers]]
|
|
|
|
for = "/*.webp"
|
|
|
|
[headers.values]
|
|
|
|
# a month
|
|
|
|
Cache-Control = "public, max-age=2592000"
|
|
|
|
|
|
|
|
[[headers]]
|
|
|
|
for = "/style/*"
|
|
|
|
[headers.values]
|
|
|
|
# a week
|
|
|
|
Cache-Control = "public, max-age=604800"
|