forked from DirtyF/frank.taillandier.me
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.netlify.toml
23 lines (23 loc) · 1.36 KB
/
.netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[[headers]]
for = "/*"
[headers.values]
Access-Control-Allow-Origin = "*"
Content-Security-Policy-Report-Only = "default-src 'self';object-src 'self';connect-src 'self' https://syndication.twitter.com;img-src 'self' *.cloudfront.net *.githubusercontent.com twimg.com syndication.twitter.com gravatar.com data:;script-src 'self' 'unsafe-inline' *.cloudfront.net speakerdeck.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com platform.twitter.com;worker-src 'self';font-src 'self' data: fonts.gstatic.com;frame-src 'self' twitter.com vimeo.com youtube.com speakerdeck.com slideshare.net;report-uri https://franktaillandierme.report-uri.io/r/default/csp/enforce"
Referrer-Policy = "strict-origin-when-cross-origin"
X-Content-Type-Options = "nosniff"
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
Link = '''
</assets/css/main.css>; rel=preload; as=stylesheet
</assets/js/analytics.js>; rel=preload; as=script
</assets/js/autotrack.custom.js>; rel=preload; as=script
</assets/js/anchor.min.js>; rel=preload; as=script
</assets/js/turbolinks.js>; rel=preload; as=script'''
[[headers]]
for = "/assets/*"
[headers.values]
Cache-Control = "public, max-age=360000"
[[headers]]
for = "/feed.json"
[headers.values]
Content-Type = "application/json; charset=utf-8"