netlify.toml
# Netlify build settings: the build command, the directory that holds the
# serverless functions, and the directory that gets published.
[build]
command = "pnpm build"
functions = "out_functions"
publish = ".next"
# Netlify build plugin for Next.js. This file names the package but no version.
# NOTE(review): confirm the version is pinned elsewhere (package.json and the
# pnpm lockfile) so a build cannot silently pick up a different plugin release.
[[plugins]]
package = "@netlify/plugin-nextjs"
# Baseline security response headers, applied to every path on the site.
[[headers]]
# Define which paths this specific [[headers]] block will cover.
for = "/*"
[headers.values]
# Legacy XSS-auditor switch. Current browsers have removed the auditor and
# ignore this header; in old browsers that still honour it, the filter itself
# has been a source of cross-site information leaks.
# NOTE(review): common guidance is "0" (or dropping the header) and relying on
# a Content-Security-Policy instead.
X-XSS-Protection = "1; mode=block"
# max-age=345600 is 4 days, so a browser forgets the HTTPS-only pin 4 days
# after its last visit. includeSubDomains extends the pin to every subdomain.
# NOTE(review): fine as a rollout value; once all subdomains are confirmed to
# serve HTTPS, production sites usually raise this to months or a year.
Strict-Transport-Security = "max-age=345600; includeSubDomains"
# Only honoured by old Internet Explorer versions; harmless elsewhere.
X-Download-Options = "noopen"
# Stops browsers from MIME-sniffing a response into a different content type.
X-Content-Type-Options = "nosniff"
# A comma-separated list is a fallback chain: the browser applies the last
# policy it recognises, so strict-origin-when-cross-origin is what current
# browsers use and no-referrer is the fallback for older ones.
Referrer-Policy = "no-referrer, strict-origin-when-cross-origin"
# The CSP below is commented out, so this block sends no Content-Security-Policy
# and, with no X-Frame-Options either, nothing here restricts script sources or
# who may frame the site.
# NOTE(review): before enabling it, replace 'nonce-r@nd0m'. A nonce only
# protects when it is freshly generated for each response, which a static
# header file cannot do, and this placeholder is not valid base64. Use hashes,
# or inject the header (and matching nonce) from server or edge code instead.
# Content-Security-Policy-Report-Only = "default-src 'self' *.dzcdn.net api.anniemusic.app https://www.google-analytics.com; style-src 'self' 'nonce-r@nd0m'; script-src 'self' 'nonce-r@nd0m'; object-src 'none'; font-src 'self'; img-src 'self' res.cloudinary.com *.scdn.co *.dzcdn.net; frame-src airtable.com; base-uri 'self'; frame-ancestors airtable.com; report-uri https://api.anniemusic.app/api/v1/complaint/csp"
# Headers for the Apple universal-links association file.
# NOTE(review): this path is also matched by a "/*" rule elsewhere in the file
# that sets the same five security headers. Confirm how Netlify combines
# overlapping rules so these values are not emitted twice, and keep the two
# copies in sync if they must stay duplicated.
[[headers]]
for = "/.well-known/apple-app-site-association"
[headers.values]
# Legacy XSS-auditor switch, ignored by current browsers.
# NOTE(review): common guidance is "0" or omitting it.
X-XSS-Protection = "1; mode=block"
# max-age=345600 is 4 days. NOTE(review): short for production; see whether it
# is a deliberate rollout value.
Strict-Transport-Security = "max-age=345600; includeSubDomains"
X-Download-Options = "noopen"
X-Content-Type-Options = "nosniff"
Referrer-Policy = "no-referrer, strict-origin-when-cross-origin"
# The file has no extension, so the JSON type is set explicitly; with nosniff
# in force the declared type is what clients will trust.
Content-Type = "application/json"