-
Notifications
You must be signed in to change notification settings - Fork 0
/
netlify.toml
31 lines (29 loc) · 1.21 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[build]
publish = "public"
command = "zola build"
[build.environment]
# Set the version name that you want to use and Netlify will automatically use it.
ZOLA_VERSION = "0.18.0"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-Content-Type-Options = "nosniff"
X-XSS-Protection = "1; mode=block"
Referrer-Policy = "strict-origin-when-cross-origin"
Strict-Transport-Security = "max-age=63072000; includeSubdomains"
# To update the style-src value, run one of the following commands:
# linux (coreutils)
# cksum --algorithm sha256 --base64 < templates/style.css.html | cut -d' ' -f 4
# macOS (should also work on linux if xxd is installed)
# shasum --algorithm 256 templates/style.css.html | cut -d' ' -f 1 | xxd -r -p | base64
# if nothing else works
# openssl dgst -sha256 -binary < templates/style.css.html | openssl enc -base64
# and paste the output after sha256-
Content-Security-Policy = "default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'sha256-p5EfRIhWJi7Zh7WJil3mpIVCZvcu+zebWbMe6B0so8A='; form-action 'none'; base-uri 'self'; frame-ancestors 'none'"
Cross-Origin-Resource-Policy = "same-site"
Cache-Control = '''
max-age=300,
s-maxage=86400,
stale-while-revalidate
'''