clean up a few headers, redirects, scripts

content/_index.html

@@ -1,6 +1,6 @@
 ---
 title: "Jake Jarvis – Front-End Web Developer in Boston, MA"
-date: 2020-03-28 19:20:31-0400
+date: 2020-04-05 15:46:35-0400
 type: home
 ---
 

layouts/index.headers

@@ -1,12 +1,11 @@
 # Sensible default security headers
-#  - More info: https://scotthelme.co.uk/hardening-your-http-response-headers/
-#  - Test website: https://securityheaders.com/
 /*
   Referrer-Policy: strict-origin-when-cross-origin
   X-Content-Type-Options: nosniff
   X-Frame-Options: sameorigin
+  X-XSS-Protection: 1; mode=block
 
-# Super long cache for web fonts and Twemojis (one year)
+# Super long cache (one year) for vendored assets: web fonts, emojis, etc.
 /vendor/*
   Cache-Control: max-age=31536000, public, immutable
 

layouts/partials/head/webmention.html

@@ -1,2 +1,2 @@
-<link rel="webmention" href="{{ "ping/webmention" | absURL }}">
-<link rel="pingback" href="{{ "ping/xmlrpc" | absURL }}">
+<link rel="webmention" href="https://webmention.io/jarv.is/webmention">
+<link rel="pingback" href="https://webmention.io/jarv.is/xmlrpc">

netlify.toml

@@ -31,7 +31,7 @@
 
 # https://github.com/netlify/cli/blob/master/docs/netlify-dev.md#netlifytoml-dev-block
 [dev]
-  command = "yarn start"
+  command = "yarn start --baseURL / --appendPort=false"
   port = 1338
   targetPort = 1337
   publish = "public"
@@ -41,18 +41,6 @@
 # The most important headers and redirects are specified in the _headers and
 # _redirects files generated by Hugo. These are additional custom rules.
 
-# Custom security headers
-[[headers]]
-  for = "/*"
-  [headers.values]
-    # Report-To = "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://jarvis.report-uri.com/a/d/g\"}]}"
-    # NEL = "{\"report_to\":\"default\",\"max_age\":604800}"
-    # Content-Security-Policy = "default-src 'none'; script-src 'self' platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com buttons.github.io assets.codepen.io production-assets.codepen.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com assets-cdn.github.com github.githubassets.com; img-src 'self' data: https:; font-src 'self' fonts.gstatic.com; form-action 'self'; child-src 'self' www.youtube.com www.youtube-nocookie.com twitter.com syndication.twitter.com platform.twitter.com codepen.io cdpn.io; frame-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'self'; worker-src 'none'; connect-src 'self' jarvis.report-uri.com syndication.twitter.com api.github.com; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce; report-to default"
-    # Feature-Policy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; sync-xhr 'none'; payment 'none'; usb 'none'; vr 'none'"
-    X-XSS-Protection = "1; mode=block"   # ; report=https://jarvis.report-uri.com/r/d/xss/enforce
-    X-Pingback = "https://jarv.is/ping/xmlrpc"
-    X-Got-Milk = "2%"
-
 # PGP file: open in browser, download correctly
 [[headers]]
   for = "/jarvis.asc"
@@ -68,6 +56,12 @@
   [headers.values]
     Content-Type = "text/plain; charset=UTF-8"
 
+# 🐄
+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Got-Milk = "2%"
+
 # Redirect Netlify and www subdomains to primary domain:
 [[redirects]]
   from = "https://jakejarvis.netlify.com/*"
@@ -163,35 +157,24 @@
   to = "/me_large.jpg"
   status = 200
 
-# Send pingbacks to https://webmention.io
-[[redirects]]
-  from = "/xmlrpc.php"
-  to = "https://webmention.io/jarv.is/xmlrpc"
-  status = 200
-[[redirects]]
-  from = "/ping/*"
-  to = "https://webmention.io/jarv.is/:splat"
-  status = 200
-# fixes manual form submission
-[[redirects]]
-  from = "/jarv.is/webmention"
-  to = "https://webmention.io/jarv.is/webmention"
-  status = 200
-
 # H A C K E R M A N ( ͡° ͜ʖ ͡°)
 [[redirects]]
   from = "*/wp-login.php"
   to = "/403.html"
   status = 403
+  force = true
 [[redirects]]
   from = "*/wp-admin/*"
   to = "/403.html"
   status = 403
+  force = true
 [[redirects]]
   from = "/login"
   to = "/403.html"
   status = 403
+  force = true
 [[redirects]]
   from = "*/login.php"
   to = "/403.html"
   status = 403
+  force = true

package.json

@@ -16,12 +16,12 @@
   "scripts": {
     "clean": "rimraf public/ resources/ builds/",
     "build": "run-s clean hugo optimize",
-    "build:preview": "run-s clean hugo:dev optimize:emoji",
+    "build:preview": "run-s clean hugo:dev optimize:junk",
     "hugo": "hugo --gc --cleanDestinationDir --verbose",
-    "hugo:dev": "hugo --environment development --baseURL \"${DEPLOY_PRIME_URL:-/}\" --buildDrafts --buildFuture --gc --cleanDestinationDir --verbose",
+    "hugo:dev": "hugo --environment development --baseURL ${DEPLOY_PRIME_URL:-/} --buildDrafts --buildFuture --gc --cleanDestinationDir --verbose",
     "start": "hugo server --disableFastRender --buildDrafts --buildFuture --port 1337 --bind 0.0.0.0 --verbose",
     "optimize": "run-s optimize:**",
-    "optimize:emoji": "rimraf public/vendor/emoji/{*.html,72x72}",
+    "optimize:junk": "rimraf public/vendor/emoji/{*.html,72x72} public/*/amp.html",
     "optimize:html": "html-minifier --html5 --collapse-whitespace --collapse-boolean-attributes --preserve-line-breaks --minify-css --file-ext html --input-dir public --output-dir public **/*.html",
     "optimize:img": "find ./public -type d ! -path './public/vendor*' | xargs -n1 -P8 -I{} imagemin {}/* --plugin=jpegoptim --plugin.jpegoptim.progressive --plugin.jpegoptim.stripAll --plugin=pngquant --plugin.pngquant.speed=5 --plugin.pngquant.strip --plugin=optipng --plugin.optipng.optimizationLevel=2 --plugin=gifsicle --plugin=svgo --out-dir={}",
     "lint": "run-s lint:**",