Mess with headers again

2022-10-20 21:57:27 -04:00 · 2022-10-20 21:57:27 -04:00 · 656df35578
parent fcb3a22615
commit 656df35578
3 changed files with 5 additions and 18 deletions
--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@ -27,6 +27,7 @@ local NetlifyStep(env) =
    settings: {
      token: { from_secret: 'netlify_token' },
      site: { from_secret: 'netlify_site_id' },
+      alias: env,
      path: '/site',
      prod: prod,
    },
--- a/flake.nix
+++ b/flake.nix
@ -21,14 +21,15 @@
          buildSite = { prod }:
            let
              inherit (pkgs.lib) optionalString;
+              ifStaging = optionalString (!prod);
              rev = if (self ? rev) then self.rev else "dirty";
            in
            ''
              optimize-images
-              ${optionalString (!prod) "BASE_URL=https://${rev}--mat-services.netlify.app"}
-              zola build --drafts ${optionalString (!prod) "--base-url $BASE_URL"}
+              ${ifStaging "BASE_URL=https://${rev}--mat-services.netlify.app"}
+              zola build --drafts ${ifStaging "--base-url $BASE_URL"}
              # zola's ignored_content setting doesn't work in static/
-              cp headers/${if prod then "production" else "staging"} public/_headers
+              ${ifStaging "cp headers/staging public/_headers"}
              rm -rf public/image/_favicon.svg
            '';
        in
--- a/headers/production
+++ b/headers/production
@ -1,15 +0,0 @@
-/*
-  # disable FLoC tracking
-  Permissions-Policy: interest-cohort=()
-  # enable HSTS
-  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
-  # disable clients from sniffing the media type
-  X-Content-Type-Options: nosniff
-  # clickjacking protection
-  X-Frame-Options: DENY
-  # keep referrer data off of HTTP connections
-  Referrer-Policy: no-referrer
-  # content security policy
-  # style-src 'unsafe-inline': syntax highlighting in codefences
-  # sandbox allow-popups: enable target="_blank" links to open in new tabs
-  Content-Security-Policy: default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox