jake/jarv.is
jake/jarv.is
1
Fork 0
mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-04-27 17:50:29 -04:00
Code Issues
jarv.is/netlify.toml
Jake Jarvis 9bb455bd06
fix CSP
2021-02-05 10:11:11 -05:00

250 lines
7.9 KiB
TOML
Raw Blame History

[build]
command = "yarn build"
publish = "public"
functions = ".netlify/functions"
[build.environment]
NODE_VERSION = "14"
YARN_VERSION = "1.22.10"
YARN_FLAGS = "--no-ignore-optional --frozen-lockfile"
# Ensure *only* Pretty URLs are enabled, even though this is already set up in
# the Netlify dashboard.
[build.processing]
skip_processing = false
[build.processing.css]
bundle = false
minify = false
[build.processing.js]
bundle = false
minify = false
[build.processing.html]
pretty_urls = true
[build.processing.images]
compress = false
[context.deploy-preview]
command = "yarn build:functions && yarn build:hugo --environment development --baseURL $DEPLOY_PRIME_URL --buildDrafts --buildFuture"
[context.branch-deploy]
command = "yarn build:functions && yarn build:hugo --environment development --baseURL $DEPLOY_PRIME_URL --buildDrafts --buildFuture"
# https://github.com/netlify/cli/blob/master/docs/netlify-dev.md#netlifytoml-dev-block
[dev]
framework = "#custom"
# only start Hugo, `netlify dev` builds/serves functions itself
command = "yarn start:hugo --port 1338 --baseURL=/ --appendPort=false --disableLiveReload"
# swap ports to keep consistent w/ normal local server
targetPort = 1338
port = 1337
# don't launch browser automatically
autoLaunch = false
# Enable local Netlify build plugins:
[[plugins]]
package = "@netlify/plugin-local-install-core"
# Optimize AMP pages server-side:
# https://github.com/ampproject/amp-toolbox/tree/master/packages/optimizer
# https://github.com/martinbean/netlify-plugin-amp-server-side-rendering
[[plugins]]
package = "./plugins/netlify-plugin-amp-optimizer"
# Cache resoures between builds:
# https://github.com/jakejarvis/netlify-plugin-cache
[[plugins]]
package = "./plugins/netlify-plugin-cache"
[plugins.inputs]
paths = ["resources", "public", "_vendor"]
# List cached resources for debugging:
# [[plugins]]
# package = "netlify-plugin-debug-cache"
[[plugins]]
package = "@algolia/netlify-plugin-crawler"
[plugins.inputs]
branches = ["main"]
mainBranch = "main"
customDomain = "jarv.is"
# The most important headers and redirects are specified in the _headers and
# _redirects files generated by Hugo. These are additional custom rules, mostly
# unrelated to the actual website.
# PGP key: open in browser, download correctly
[[headers]]
for = "/jarvis.asc"
[headers.values]
Cache-Control = "no-cache"
Content-Type = "text/plain; charset=UTF-8"
Content-Disposition = "inline; filename=\"jarvis.asc\""
# Redirect Netlify and www subdomains to primary domain:
[[redirects]]
from = "https://jakejarvis.netlify.com/*"
to = "https://jarv.is/:splat"
status = 301
force = true
[[redirects]]
from = "https://jakejarvis.netlify.app/*"
to = "https://jarv.is/:splat"
status = 301
force = true
[[redirects]]
from = "https://www.jarv.is/*"
to = "https://jarv.is/:splat"
status = 301
force = true
# External API redirects/mirrors:
# Must set `force = true` and wildcard /api/* rule goes last.
## Webmention.io endpoints
[[redirects]]
from = "/api/mention"
to = "https://webmention.io/jarv.is/webmention"
status = 200
force = true
[[redirects]]
from = "/api/ping"
to = "https://webmention.io/jarv.is/xmlrpc"
status = 200
force = true
## Report URI endpoints
[[redirects]]
from = "/api/report"
to = "https://jarvis.report-uri.com/a/d/g"
status = 200
force = true
[[redirects]]
from = "/api/csp_wizard"
to = "https://jarvis.report-uri.com/r/d/csp/enforce"
status = 200
force = true
[[redirects]]
from = "/api/count_view*"
to = "https://starman.fathomdns.com/:splat"
status = 200
force = true
[[headers]]
for = "/*"
[headers.values]
# https://amp.dev/documentation/guides-and-tutorials/optimize-and-measure/secure-pages/
Content-Security-Policy = '''
default-src 'self';
connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.algolianet.com https://*.ampproject.net https://csp-collector.appspot.com/csp/amp https://api.github.com https://starman.fathomdns.com https://platform.twitter.com;
font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;
form-action 'none';
frame-ancestors 'self';
frame-src 'self' https://jakejarvis.github.io https://*.ampproject.net https://cdn.ampproject.org https://app.usefathom.com https://buttons.github.io https://codepen.io https://cdpn.io https://platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com;
img-src 'self' data: https:;
manifest-src 'self';
media-src 'self' data: https:;
object-src 'none';
script-src 'self' 'unsafe-eval' https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/ https://cdn.ampproject.org/rtv/ https://3p.ampproject.net https://buttons.github.io https://starman.fathomdns.com https://gist.github.com https://syndication.twitter.com https://platform.twitter.com https://player.vimeo.com;
style-src 'self' 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://fonts.googleapis.com https://github.githubassets.com;
worker-src 'self';
block-all-mixed-content;
report-uri https://jarv.is/api/csp_wizard;
report-to default'''
NEL = '''
{"report_to":"default","max_age":604800}'''
Report-To = '''
{"group":"default","max_age":604800,"endpoints":[{"url":"https://jarv.is/api/report"}],"include_subdomains":false}'''
# More generic security headers:
Feature-Policy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'"
Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
Referrer-Policy = "no-referrer-when-downgrade"
X-Content-Type-Options = "nosniff"
X-Frame-Options = "SAMEORIGIN"
X-XSS-Protection = "1; mode=block"
X-XSS-Pwnage = "<script>alert('oops!');</script>"
X-View-Source = "https://jrvs.io/src"
X-Got-Milk = "2%"
## Prettier URLs for Netlify Functions
[[redirects]]
from = "/api/*"
to = "/.netlify/functions/:splat"
status = 200
# More miscellaneous mirrors/redirects:
[[redirects]]
from = "/blog/*"
to = "/notes/"
status = 301
[[redirects]]
from = "/archives/*"
to = "/notes/"
status = 301
[[redirects]]
from = "/resume"
to = "/resume.pdf"
status = 302
# Fix some 404s after moving files around somewhat recklessly:
[[redirects]]
from = "/keybase.txt"
to = "/.well-known/keybase.txt"
status = 301
[[redirects]]
from = "/img/me_large.jpg"
to = "/img/me.jpg"
status = 301
[[redirects]]
from = "/me.jpg"
to = "/img/me.jpg"
status = 301
[[redirects]]
from = "/me_large.jpg"
to = "/img/me.jpg"
status = 301
# Moved these random sites/projects elsewhere (mostly GitHub Pages) to keep
# this repo and domain squeaky clean:
[[redirects]]
from = "/y2k/*"
to = "https://jakejarvis.github.io/my-first-website/:splat"
status = 302
[[redirects]]
from = "/ios-trackers/*"
to = "https://jakejarvis.github.io/ios-trackers/:splat"
status = 302
[[redirects]]
from = "/awesome/*"
to = "https://synonymsforawesome.com/"
status = 302
[[redirects]]
from = "/hugo-node/*"
to = "https://github.com/jakejarvis/hugo-extended"
status = 302
[[redirects]]
from = "/comp20/*"
to = "https://jakejarvis.github.io/comp20/:splat"
status = 302
[[redirects]]
from = "/scrabble/*"
to = "https://jakejarvis.github.io/scrabble/:splat"
status = 302
# H A C K E R M A N ( ͡° ͜ʖ ͡°)
[[redirects]]
from = "*/wp-admin/*"
to = "/403.html"
status = 403
[[redirects]]
from = "*/admin/*"
to = "/403.html"
status = 403
[[redirects]]
from = "*/wp-login.php"
to = "/403.html"
status = 403
[[redirects]]
from = "*/login.php"
to = "/403.html"
status = 403
[[redirects]]
from = "*/wlwmanifest.xml"
to = "/403.html"
status = 403
[[redirects]]
from = "*/.git/*"
to = "/403.html"
status = 403
View Git Blame Copy Permalink