forked from kodadot/nft-gallery
-
Notifications
You must be signed in to change notification settings - Fork 0
/
netlify.toml
50 lines (43 loc) · 1.74 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
[build.environment]
NODE_VERSION = "18"
NPM_FLAGS = "--version" # prevent Netlify npm install
[build]
# This will be your default build command.
command = "pnpm run generate:pnpm"
# This is the directory that you are publishing from.
publish = "dist"
# This is where Netlify will look for your lambda functions.
functions = "src-functions"
[functions]
node_bundler = "esbuild"
[dev]
command = "npx pnpm dev"
port = 9000
targetPort = 9090
[context.deploy-preview]
command = 'export BASE_URL=$DEPLOY_PRIME_URL && env && npm run generate:pnpm'
[context.production]
command = 'export BASE_URL=$URL && env && npm run generate:pnpm'
[[redirects]]
from = "/*"
to = "/index.html"
status = 200
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
# Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.
Referrer-Policy = "strict-origin-when-cross-origin"
# Don't load any resource type not explicitly enabled
# Disable plugins like Flash or Silverlight
# Load images, scripts, stylesheets and fonts from self
## Content-Security-Policy = "upgrade-insecure-requests" <- this did not work tho
# Prevent browsers from incorrectly detecting non-scripts as scripts
X-Content-Type-Options = "nosniff"
# Block site from being framed with X-Frame-Options and CSP
Content-Security-Policy = "frame-ancestors 'self';"
# Basic one if one above won't work
# Content-Security-Policy = "default-src 'self';"
# For future testing, refer to https://github.com/kodadot/nft-gallery/issues/540
# Permissions-Policy = "interest-cohort=()"