-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathnetlify.toml
25 lines (24 loc) · 1.21 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# Configure Netlify to serve particular headers for certain routes
[[headers]]
# Define which paths this specific [[headers]] block will cover.
for = "/*"
[headers.values]
Referrer-Policy = "strict-origin"
Strict-Transport-Security = "max-age=31557600; includeSubDomains"
X-Content-Type = "nosniff"
X-Content-Type-Options = "nosniff"
X-Frame-Options = "deny"
X-XSS-Protection = "1; mode=block"
# Multi-key header rules are expressed with multi-line strings.
Content-Security-Policy = '''
default-src 'none';
form-action 'none';
frame-ancestors 'none';
font-src 'self';
img-src 'self' data: https://trello-attachments.s3.amazonaws.com https://trello-avatars.s3.amazonaws.com https://trello.com;
media-src 'self';
connect-src 'self' https://api.trello.com;
frame-src https://trello.com;
script-src 'self' https://gist.github.com/mpcowan/2b3068fbaff7033ad1cfebaad5d35c8e.js https://gist.github.com/mpcowan/ba29ff0b6b3691c108726178d9db39f9.js https://p.trellocdn.com/card.min.js https://p.trellocdn.com/card-polyfilled.min.js https://p.trellocdn.com/embed.min.js;
style-src 'self' 'unsafe-inline' https://p.trellocdn.com https://github.githubassets.com;
'''