mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-27 14:12:09 +00:00

Hugo config: no server headers

I'd rather use an actual web server to test this.
Rohan Kumar 2022-02-20 15:58:11 -08:00
parent 41d5ea1b4d
commit 85287c68c1
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479


@ -102,7 +102,7 @@ excludeSources = [
] ]
# addresses that we don't want to send webmentions to # addresses that we don't want to send webmentions to
# other schemes and stuff that's I link to too often # other schemes and stuff that I link to too often
excludeDestinations = [ excludeDestinations = [
"mailto:", "mailto:",
"gemini:", "gemini:",
@ -111,23 +111,3 @@ excludeDestinations = [
"https://useplaintext.email/", "https://useplaintext.email/",
"https://seirdy.one", "https://seirdy.one",
] ]
[server]
[[server.headers]]
for = "/**.{css,png,webp,webm}"
[server.headers.values]
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
Cache-Control = "max-age=31557600, immutable"
[[server.headers]]
for = "/**"
[server.headers.values]
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
Referrer-Policy = "no-referrer"
X-XSS-Protection = "1; mode=block"
X-FROG-UNSAFE = "1"
X-UA-Compatible = "IE=edge"
Content-Security-Policy = "default-src 'none'; img-src 'self' https://seirdy.one data:; style-src 'unsafe-inline'; script-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; manifest-src 'self'; upgrade-insecure-requests;"
Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
Cache-Control = "max-age=120, no-transform"