# Single-page-app fallback: every request path is answered with the app shell.
# Status 200 makes this a rewrite (the requested URL is kept), not a redirect.
# No `force` key is set on this rule.
# NOTE(review): unknown paths therefore answer 200 rather than 404; presumably
# the client-side router renders its own not-found view. Confirm.
[[redirects]]
from = '/*'
to = '/index.html'
status = 200
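# Site-wide security headers, attached to every path.
[[headers]]
for = "/*"
[headers.values]
Strict-Transport-Security = "max-age=31536000; includeSubDomains"
# Kept in line with `frame-ancestors 'none'` in the CSP below: neither header
# permits framing, including by same-origin pages.
X-Frame-Options = "DENY"
X-Content-Type-Options = "nosniff"
# Wildcard CORS: any origin may read these responses (without credentials).
# NOTE(review): acceptable for public static assets; confirm nothing served
# under /* is meant to be readable by this origin only.
Access-Control-Allow-Origin = "*"
# Content-Security-Policy notes:
# - style-src, font-src and frame-src are not listed, so they fall back to
#   default-src 'self' (frames and workers go through child-src first).
# - base-uri does not fall back to default-src, so it is set explicitly to keep
#   an injected <base> tag from re-pointing relative URLs at another origin.
# - form-action does not fall back to default-src either and is left unset here.
#   NOTE(review): consider `form-action 'self'` once form targets are confirmed.
# - block-all-mixed-content is deprecated and adds nothing next to
#   upgrade-insecure-requests; it is kept only to leave the policy as authored.
# - NOTE(review): script-src / script-src-elem allow https://hcaptcha.com while
#   child-src / connect-src allow https://*.hcaptcha.com; confirm the widget
#   script is really loaded from the bare host and not from a subdomain.
# - NOTE(review): this value spans several lines; check the deployed response to
#   confirm it arrives as a single policy.
Content-Security-Policy = '''
default-src 'self';
object-src 'none';
base-uri 'self';
script-src 'self' https://*.cloudflareinsights.com https://hcaptcha.com https://bszhueyhgsdxrzchvdqd.supabase.co;
img-src 'self' blob: https://bszhueyhgsdxrzchvdqd.supabase.co https://*.googleusercontent.com;
child-src 'self' https://*.hcaptcha.com https://bszhueyhgsdxrzchvdqd.supabase.co;
connect-src 'self' https://cloudflareinsights.com https://*.hcaptcha.com https://bszhueyhgsdxrzchvdqd.supabase.co;
script-src-elem 'self' https://*.cloudflareinsights.com https://hcaptcha.com https://bszhueyhgsdxrzchvdqd.supabase.co;
frame-ancestors 'none';
upgrade-insecure-requests;
block-all-mixed-content;
'''
X-Permitted-Cross-Domain-Policies = "none"
Referrer-Policy = "no-referrer"
# Cross-origin isolation headers are currently disabled. While they stay off,
# `cross-origin-isolated=(self)` in Permissions-Policy below has nothing to
# gate: a page is only cross-origin isolated when COOP and COEP are both sent.
#Cross-Origin-Embedder-Policy = "credentialless"
#Cross-Origin-Opener-Policy = "same-origin"
#Cross-Origin-Resource-Policy = "cross-origin"
# An empty allowlist `()` disables the feature everywhere; `(self)` allows it
# for this origin only.
Permissions-Policy = '''
accelerometer=(),
autoplay=(self),
camera=(self),
cross-origin-isolated=(self),
display-capture=(),
document-domain=(),
encrypted-media=(),
fullscreen=(self),
geolocation=(self),
gyroscope=(self),
magnetometer=(),
microphone=(),
midi=(),
payment=(),
picture-in-picture=(),
usb=()
'''
# Unrecognized features:
# Permissions-Policy = '''
# ambient-light-sensor=(),
# battery=(self),
# execution-while-not-rendered=(self),
# execution-while-out-of-viewport=(self),
# keyboard-map=(),
# navigation-override=(self),
# '''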
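# Ask the browser to drop this origin's cookies when the logout URL is fetched.
[[headers]]
for = "/auth/logout"
[headers.values]
# Clear-Site-Data directives are double-quoted strings; a single-quoted
# 'cookies' is not a valid directive, so the double quotes are part of the value.
# NOTE(review): the header is only delivered on an HTTP request for this path.
# A route change inside the single-page app does not trigger one; confirm that
# logout performs a full navigation or fetch of /auth/logout.
# NOTE(review): if session tokens are kept in web storage rather than cookies,
# "cookies" alone will not remove them. Verify where the client stores them.
Clear-Site-Data = '"cookies"'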
# CORS rule keyed on an absolute third-party URL.
# NOTE(review): header rules in this file can only affect responses this site
# serves; this entry cannot change what cloudflareinsights.com itself returns,
# so it likely has no effect. Confirm, and consider removing it.
[[headers]]
for = 'https://cloudflareinsights.com'
[headers.values]
Access-Control-Allow-Origin = '*'
# Second wildcard CORS rule.
# NOTE(review): unlike the other rules, this `for` pattern has no leading slash,
# and the "/*" rule already sends the same header on every path. Confirm whether
# this entry matches anything; it looks redundant.
[[headers]]
for = '*'
[headers.values]
Access-Control-Allow-Origin = '*'