Try reverting headers
parent
9cb96154de
commit
fcb3a22615
34
netlify.toml
34
netlify.toml
|
@ -11,23 +11,6 @@
|
|||
from = "https://mat-services.netlify.app/*"
|
||||
to = "https://mat.services/:splat"
|
||||
force = true
|
||||
|
||||
[redirects.headers]
|
||||
# disable FLoC tracking
|
||||
Permissions-Policy = "interest-cohort=()"
|
||||
# enable HSTS
|
||||
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
|
||||
# disable clients from sniffing the media type
|
||||
X-Content-Type-Options = "nosniff"
|
||||
# clickjacking protection
|
||||
X-Frame-Options = "DENY"
|
||||
# keep referrer data off of HTTP connections
|
||||
Referrer-Policy = "no-referrer"
|
||||
# content security policy
|
||||
# style-src 'unsafe-inline': syntax highlighting in codefences
|
||||
# sandbox allow-popups: enable target="_blank" links to open in new tabs
|
||||
Content-Security-Policy = "default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox"
|
||||
|
||||
|
||||
[[headers]]
|
||||
for = "/*"
|
||||
|
@ -46,4 +29,19 @@
|
|||
# content security policy
|
||||
# style-src 'unsafe-inline': syntax highlighting in codefences
|
||||
# sandbox allow-popups: enable target="_blank" links to open in new tabs
|
||||
Content-Security-Policy = "default-src 'none'; img-src 'self' https://mat.services https://stats.mat.services; style-src 'self' https://mat.services 'unsafe-inline'; font-src 'self' https://mat.services; script-src 'self' https://mat.services https://stats.mat.services; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; upgrade-insecure-requests; sandbox allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox"
|
||||
Content-Security-Policy = '''
|
||||
default-src 'none';
|
||||
img-src 'self' https://mat.services https://stats.mat.services;
|
||||
style-src 'self' https://mat.services 'unsafe-inline';
|
||||
font-src 'self' https://mat.services;
|
||||
script-src 'self' https://mat.services https://stats.mat.services;
|
||||
form-action 'none';
|
||||
frame-ancestors 'none';
|
||||
base-uri 'none';
|
||||
upgrade-insecure-requests;
|
||||
sandbox
|
||||
allow-same-origin
|
||||
allow-scripts
|
||||
allow-popups
|
||||
allow-popups-to-escape-sandbox
|
||||
'''
|
||||
|
|
Loading…
Reference in New Issue