github.com/thanos-io/thanos@v0.32.5/netlify.toml

github.com/thanos-io/thanos@v0.32.5/netlify.toml (about)

     1  [Settings]
     2  
     3  # All netfliy options should be defined here. UI options should stay empty.
     4  
     5  [build]
     6  base = ""
     7  publish = "website/public"
     8  
     9  # Our Makefile builds Hugo, but it's faster if Netlify grabs the correct version on their own
    10  # via a simple cURL.
    11  environment = { HUGO_VERSION="v0.101.0" }
    12  
    13  # NOTE: the sleep at the end is to make sure logs are not truncated on error.
    14  command = "(env && make web HUGO=$(which hugo)) || (sleep 30; false)"
    15  
    16  [context.deploy-preview]
    17  
    18  # NOTE: the sleep at the end is to make sure logs are not truncated on error.
    19  command = "(env && make web HUGO=$(which hugo) WEBSITE_BASE_URL=${DEPLOY_PRIME_URL}) || (sleep 30; false)"
    20  
    21  [[headers]]
    22    for = "/*"
    23    [headers.values]
    24      # We don't use iframes. Block them.
    25      X-Frame-Options = "DENY"
    26      # Don't allow Mime-sniffing.
    27      X-Content-Type-Options = "nosniff"
    28      # Add reflective XSS protection.
    29      X-XSS-Protection = "1; mode=block"
    30      # Force HTTPS only.
    31      Strict-Transport-Security = "max-age=31536000; includeSubDomains"
    32      # Load scripts only via HTTPS and from allowed domains.
    33      Content-Security-Policy = "default-src https:; script-src https: 'self' 'nonce-93HDK8392dfjh4Gb' 'unsafe-eval' 'sha256-3qFt4qPvMCWVUpjUxP5X57GBKae6RHYZ0rMjn9WuNF4='; style-src https: 'self' 'sha256-ouaL9aaaKO9mYd9/M+uyzYAL1CrOXJVRjV2nFgbGI2E='; object-src 'self'"
    34      # Only send referred when HTTPS is used.
    35      Referrer-Policy = "strict-origin-when-cross-origin"
    36      # Disable certain magic features, lol.
    37      Feature-Policy = "vibrate none; usermedia *; sync-xhr self"