app.yaml

# Google App Engine application config file tailored to static websites.
# Complete documentation can be found here:
# https://developers.google.com/appengine/docs/php/config/appconfig

api_version: 1
threadsafe: yes

runtime: php55
application: replace-with-your-project-id
version: 1

default_expiration: "1d"

handlers:

# Manifest files

- url: /(.+\.(appcache))
  static_files: \1
  upload: static/(.+\.(appcache))
  mime_type: text/cache-manifest
  expiration: "0s"

- url: /(.+\.webapp)
  static_files: \1
  upload: (.+\.webapp)
  mime_type: application/x-web-app-manifest+json
  expiration: "0s"

# Fonts and images

- url: /(.+\.(eot|otf|tt[cf]|woff2?|cur|gif|ico|jpe?g|png|svgz?|webp))
  static_files: \1
  upload: (.+\.(eot|otf|tt[cf]|woff2?|cur|gif|ico|jpe?g|png|svgz?|webp))
  http_headers:
    # Allow cross-origin access to web fonts and images
    # You can also replace "*" with a specific host, e.g. https://example.org
    Access-Control-Allow-Origin: "*"

# CSS, Javascript, text and other file types

- url: /(.+\.(css|js|xml|txt))
  static_files: \1
  upload: (.+\.(css|js|xml|txt))
  expiration: "10m"

# HTML pages

- url: /(.+\.html)
  static_files: \1
  upload: (.+\.html)
  expiration: "10m"
  http_headers:
    # Force Internet Explorer to render pages in the highest available
    # mode in the various cases when it may not.
    # https://hsivonen.fi/doctype/#ie8
    X-UA-Compatible: "IE=edge"
    # For more details on how to craft a reasonable policy for your site, read:
    # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ (or
    # the specification: http://www.w3.org/TR/CSP11/). Also, to make things easier,
    # you can use an online CSP header generator such as: http://cspisawesome.com/.
    #Content-Security-Policy: "script-src 'self'; object-src 'self'"

# Homepage
- url: /
  static_files: index.html
  upload: index\.html
  expiration: "10m"
  http_headers:
    X-UA-Compatible: "IE=edge"
    #Content-Security-Policy: "script-src 'self'; object-src 'self'"