forked from monzo/progression-framework
-
Notifications
You must be signed in to change notification settings - Fork 1
/
netlify.toml
30 lines (30 loc) · 1.53 KB
/
netlify.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block"
Referrer-Policy = "strict-origin"
Feature-Policy = "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'self'; picture-in-picture 'none'; speaker 'self'; usb 'none'; vr 'none'"
Content-Security-Policy = "default-src 'self'; script-src 'self' https://www.google-analytics.com 'unsafe-inline'; img-src 'self' data: https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/; style-src 'self' monzo.com fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' data: monzo.com; frame-src 'self'; connect-src 'self'; object-src 'none'; manifest-src 'self'; worker-src 'none'"
[[headers]]
for = "/static/*"
[headers.values]
Cache-Control = "public, max-age=3600"
[[headers]]
for = "/static/fonts/*.woff"
[headers.values]
Access-Control-Allow-Origin = "*"
Content-Type = "application/font-woff"
[[headers]]
for = "/static/fonts/*.woff2"
[headers.values]
Access-Control-Allow-Origin = "*"
Content-Type = "application/font-woff2"
[[headers]]
for = "/static/fonts/*.ttf"
[headers.values]
Access-Control-Allow-Origin = "*"
Content-Type = "application/font-ttf"
[build]
command = "gatsby build"
publish = "public/"