From 85287c68c149570e27adb07f2ad84df2b572d60f Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Sun, 20 Feb 2022 15:58:11 -0800
Subject: [PATCH] Hugo config: no server headers

I'd rather use an actual web server to test this.
---
 config.toml | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)

diff --git a/config.toml b/config.toml
index 6ded6dc..e68b996 100644
--- a/config.toml
+++ b/config.toml
@@ -102,7 +102,7 @@ excludeSources = [
 ]
 
 # addresses that we don't want to send webmentions to
-# other schemes and stuff that's I link to too often
+# other schemes and stuff that I link to too often
 excludeDestinations = [
   "mailto:",
 	"gemini:",
@@ -111,23 +111,3 @@ excludeDestinations = [
 	"https://useplaintext.email/",
 	"https://seirdy.one",
 ]
-
-[server]
-[[server.headers]]
-for = "/**.{css,png,webp,webm}"
-[server.headers.values]
-X-Content-Type-Options = "nosniff"
-Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
-Cache-Control = "max-age=31557600, immutable"
-[[server.headers]]
-for = "/**"
-[server.headers.values]
-X-Content-Type-Options = "nosniff"
-Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
-Referrer-Policy = "no-referrer"
-X-XSS-Protection = "1; mode=block"
-X-FROG-UNSAFE = "1"
-X-UA-Compatible = "IE=edge"
-Content-Security-Policy = "default-src 'none'; img-src 'self' https://seirdy.one data:; style-src 'unsafe-inline'; script-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; manifest-src 'self'; upgrade-insecure-requests;"
-Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
-Cache-Control = "max-age=120, no-transform"