-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathnetlify.toml
71 lines (69 loc) · 2.33 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
[build]
command = "npm run build"
publish = "build/"
[functions]
directory = "src/functions"
node_bundler = "esbuild"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
#
# X-Content-Type-Options controls whether browsers attempt to detect
# the content type, rather than relyihng on the Content-Type header.
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
X-Content-Type-Options = "nosniff"
#
# Strict-Transport-Security to require HTTPS connections in supported
# browsers. These settings are required to be eligible for inclusion
# in the HSTS Preload list; see: https://hstspreload.org/
Strict-Transport-Security = """
max-age=31536000; \
includeSubDomains; \
preload \
"""
#
# Referrer-Policy controls the Referer header in requests.
#
# same-origin allows analytics tools to understand user journeys.
Referrer-Policy = "same-origin"
#
# Content-Security-Policy controls what resources can be loaded on the page.
Content-Security-Policy = "frame-ancestors 'self' *.gitpod.io *.staging.gitpod-dev.com"
#
# Permissions-Policy controls the features that the site can request.
#
# https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/
# https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
Permissions-Policy = """\
accelerometer=(), \
ambient-light-sensor=(), \
autoplay=(), \
battery=(), \
camera=(), \
cross-origin-isolated=(), \
display-capture=(), \
document-domain=(), \
encrypted-media=(), \
execution-while-not-rendered=(), \
execution-while-out-of-viewport=(), \
fullscreen=(), \
geolocation=(), \
gyroscope=(), \
hid=(), \
idle-detection=(), \
magnetometer=(), \
microphone=(), \
midi=(), \
navigation-override=(), \
payment=(), \
picture-in-picture=(), \
publickey-credentials-get=(), \
screen-wake-lock=(), \
serial=(), \
sync-xhr=(), \
usb=(), \
web-share=(), \
xr-spatial-tracking=() \
"""