-
Notifications
You must be signed in to change notification settings - Fork 118
/
netlify.toml
22 lines (19 loc) · 1.21 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[build]
command = "yarn build:with-prefix"
functions = "/functions"
[[headers]]
for = "/*"
[headers.values]
Content-Security-Policy = "default-src 'self'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.segment.io *.google-analytics.com *.googletagmanager.com *.netlify.app data: platform.twitter.com hcaptcha.com *.hcaptcha.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com hcaptcha.com *.hcaptcha.com; img-src * data:; font-src 'self' fonts.gstatic.com; connect-src 'self' *.segment.io *.google-analytics.com *.netlify.app *.algolia.net api.github.com webmention.io hcaptcha.com *.hcaptcha.com storybook.us18.list-manage.com; frame-src app.netlify.com *.widgetbot.io *.youtube.com *.youtube-nocookie.com platform.twitter.com upscri.be hcaptcha.com *.hcaptcha.com *.chromatic.com stackblitz.com; media-src * data:;"
Referrer-Policy = "strict-origin-when-cross-origin"
Permissions-Policy = ""
X-Content-Type-Options = "nosniff"
X-XSS-Protection = "1; mode=block"
[[headers]]
for = "/releases/iframe/*"
[headers.values]
Content-Security-Policy = "frame-ancestors *"
[[headers]]
for = "/blog/*"
[headers.values]
Content-Security-Policy = "frame-ancestors *"