-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnetlify.toml
31 lines (28 loc) · 1.22 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[build]
command = "npm run build"
publish = "dist"
# Redirect default Netlify subdomain to primary domain
[[redirects]]
from = "https://nicolaos-dot-dev.netlify.com/*"
to = "https://nicolaos.dev/:splat"
status = 301
force = true
[[redirects]]
from = "/*"
to = "/404"
status = 404
[[headers]]
for = "/*"
[headers.values]
# This isn't really needed at the moment since there's no user provided content served on this site,
# but it doesn't hurt and adding it now protects future me from accidentally forgetting to add it
# if I do add a feature that allows for user provided content.
# https://developer.mozilla.org/en-US/docs/Web/Security/Practical_implementation_guides/MIME_types
# https://securityfest.com/speakers/2019/dont-sniff-the-mime/
# https://www.youtube.com/watch?v=8t8JYpt0egE&pp=ygUZZG9uJ3Qgc25pZmYgdGhlIG1pbWUgdHlwZQ%3D%3D
X-Content-Type-Options = "nosniff"
# If being unable to iframe this site breaks a legitamite use case on the web,
# file an issue and let me know: https://github.com/dev-nicolaos/personal-site/issues/new
# Otherwise I'm inclined to air on the side of caution.
# https://developer.mozilla.org/en-US/docs/Web/Security/Practical_implementation_guides/Clickjacking
Content-Security-Policy = "frame-ancestors 'none'"