
clean up a few headers, redirects, scripts

2020-04-05 15:50:41 -04:00
parent 22c7e76e51
commit b69461c306
5 changed files with 19 additions and 37 deletions


@@ -31,7 +31,7 @@
# https://github.com/netlify/cli/blob/master/docs/netlify-dev.md#netlifytoml-dev-block
[dev]
command = "yarn start"
command = "yarn start --baseURL / --appendPort=false"
port = 1338
targetPort = 1337
publish = "public"
@@ -41,18 +41,6 @@
# The most important headers and redirects are specified in the _headers and
# _redirects files generated by Hugo. These are additional custom rules.
# Custom security headers
[[headers]]
for = "/*"
[headers.values]
# Report-To = "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://jarvis.report-uri.com/a/d/g\"}]}"
# NEL = "{\"report_to\":\"default\",\"max_age\":604800}"
# Content-Security-Policy = "default-src 'none'; script-src 'self' platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com buttons.github.io assets.codepen.io production-assets.codepen.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: https:; font-src 'self' fonts.gstatic.com; form-action 'self'; child-src 'self' www.youtube.com www.youtube-nocookie.com twitter.com syndication.twitter.com platform.twitter.com codepen.io cdpn.io; frame-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'self'; worker-src 'none'; connect-src 'self' jarvis.report-uri.com syndication.twitter.com api.github.com; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce; report-to default"
# Feature-Policy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; sync-xhr 'none'; payment 'none'; usb 'none'; vr 'none'"
X-XSS-Protection = "1; mode=block" # ; report=https://jarvis.report-uri.com/r/d/xss/enforce
X-Pingback = "https://jarv.is/ping/xmlrpc"
X-Got-Milk = "2%"
# PGP file: open in browser, download correctly
[[headers]]
for = "/jarvis.asc"
@@ -68,6 +56,12 @@
[headers.values]
Content-Type = "text/plain; charset=UTF-8"
# 🐄
[[headers]]
for = "/*"
[headers.values]
X-Got-Milk = "2%"
# Redirect Netlify and www subdomains to primary domain:
[[redirects]]
from = "https://jakejarvis.netlify.com/*"
@@ -163,35 +157,24 @@
to = "/me_large.jpg"
status = 200
# Send pingbacks to https://webmention.io
[[redirects]]
from = "/xmlrpc.php"
to = "https://webmention.io/jarv.is/xmlrpc"
status = 200
[[redirects]]
from = "/ping/*"
to = "https://webmention.io/jarv.is/:splat"
status = 200
# fixes manual form submission
[[redirects]]
from = "/jarv.is/webmention"
to = "https://webmention.io/jarv.is/webmention"
status = 200
# H A C K E R M A N ( ͡° ͜ʖ ͡°)
[[redirects]]
from = "*/wp-login.php"
to = "/403.html"
status = 403
force = true
[[redirects]]
from = "*/wp-admin/*"
to = "/403.html"
status = 403
force = true
[[redirects]]
from = "/login"
to = "/403.html"
status = 403
force = true
[[redirects]]
from = "*/login.php"
to = "/403.html"
status = 403
force = true
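Review bot: The `/*` headers block added under the `# 🐄` comment now sets only `X-Got-Milk`, and nothing in this file says where the site's security headers are enforced. Judging by the hunk counts, the "Custom security headers" block is removed outright, and it held the only Content-Security-Policy and Feature-Policy text in this file, although commented out. The surviving comment says the most important headers come from the Hugo-generated `_headers` file, so I would state that next to the remaining block, for example `# Cosmetic only: CSP and the other security headers are emitted by Hugo's generated _headers file.`. It is also worth confirming in the deployed output that the generated file really sends an enforcing CSP. Dropping the deprecated `X-XSS-Protection` header is fine on its own.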