Mess with headers again
parent
fcb3a22615
commit
656df35578
|
@ -27,6 +27,7 @@ local NetlifyStep(env) =
|
||||||
settings: {
|
settings: {
|
||||||
token: { from_secret: 'netlify_token' },
|
token: { from_secret: 'netlify_token' },
|
||||||
site: { from_secret: 'netlify_site_id' },
|
site: { from_secret: 'netlify_site_id' },
|
||||||
|
alias: env,
|
||||||
path: '/site',
|
path: '/site',
|
||||||
prod: prod,
|
prod: prod,
|
||||||
},
|
},
|
||||||
|
|
|
@ -21,14 +21,15 @@
|
||||||
buildSite = { prod }:
|
buildSite = { prod }:
|
||||||
let
|
let
|
||||||
inherit (pkgs.lib) optionalString;
|
inherit (pkgs.lib) optionalString;
|
||||||
|
ifStaging = optionalString (!prod);
|
||||||
rev = if (self ? rev) then self.rev else "dirty";
|
rev = if (self ? rev) then self.rev else "dirty";
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
optimize-images
|
optimize-images
|
||||||
${optionalString (!prod) "BASE_URL=https://${rev}--mat-services.netlify.app"}
|
${ifStaging "BASE_URL=https://${rev}--mat-services.netlify.app"}
|
||||||
zola build --drafts ${optionalString (!prod) "--base-url $BASE_URL"}
|
zola build --drafts ${ifStaging "--base-url $BASE_URL"}
|
||||||
# zola's ignored_content setting doesn't work in static/
|
# zola's ignored_content setting doesn't work in static/
|
||||||
cp headers/${if prod then "production" else "staging"} public/_headers
|
${ifStaging "cp headers/staging public/_headers"}
|
||||||
rm -rf public/image/_favicon.svg
|
rm -rf public/image/_favicon.svg
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
/*
|
|
||||||
# disable FLoC tracking
|
|
||||||
Permissions-Policy: interest-cohort=()
|
|
||||||
# enable HSTS
|
|
||||||
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
|
|
||||||
# disable clients from sniffing the media type
|
|
||||||
X-Content-Type-Options: nosniff
|
|
||||||
# clickjacking protection
|
|
||||||
X-Frame-Options: DENY
|
|
||||||
# keep referrer data off of HTTP connections
|
|
||||||
Referrer-Policy: no-referrer
|
|
||||||
# content security policy
|
|
||||||
# style-src 'unsafe-inline': syntax highlighting in codefences
|
|
||||||
# sandbox allow-popups: enable target="_blank" links to open in new tabs
|
|
||||||
Content-Security-Policy: default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox
|
|
Loading…
Reference in New Issue