# Keys under [build] are global: they apply to every deploy context unless a
# more specific [context.*] table overrides them.
[build]
# Default build command: Sphinx renders the sources in ./source to HTML
# in ./build.
command = "sphinx-build -b html source build"
# Directory (relative to the repository root) holding the deploy-ready HTML
# files and assets produced by the build. If a base directory is set, it
# must be included in this path.
publish = "build"
# Directory to change into before the build starts; files such as
# package.json or .nvmrc are looked up there. Left empty here.
base = ""
[context.production]
# Production content is pushed to master.
# `ignore` holds a shell command; exit code 0 means that this build will be
# ignored. `true` always exits 0, so builds in the production context are
# always skipped.
# https://docs.netlify.com/configure-builds/file-based-configuration/#ignore-builds
# NOTE(review): presumably production is served by another host, in which case
# the [[headers]] in this file never reach production visitors - confirm that
# host sets equivalent security headers.
ignore = "true"
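# Response headers attached to every path ("/*") of the deployed site.
[[headers]]
for = "/*"
[headers.values]
# Only allow resources to be loaded from the current origin. Styles may
# also be specified inline, and unsafe inline JS script blocks are allowed
# because they are needed for RTD theme navigation and the search function:
# https://github.com/readthedocs/sphinx_rtd_theme/issues/817
# We also allow loading MathJax, which is needed to render math formulas.
# Caveats:
# - With 'unsafe-inline' in script-src this policy does not stop injected
#   inline scripts; it mainly restricts where resources may be loaded from.
# - Anything served under the allowed jsDelivr path runs with the page's full
#   privileges, and "mathjax@3" is a major-version path, not one exact release.
# - default-src is not a fallback for frame-ancestors, base-uri or
#   form-action; framing is covered by X-Frame-Options below.
Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://cdn.jsdelivr.net/npm/mathjax@3/ 'unsafe-inline'; font-src 'self' https://cdn.jsdelivr.net/npm/mathjax@3/"
# Disable all browser features that we don't need. Unfortunately
# there is no way to specify a default for all directives yet, so
# the list is very long.
# See this for details:
# https://github.com/w3c/webappsec-permissions-policy/issues/189
# Entries must be separated by commas: Permissions-Policy is a structured-field
# dictionary. Semicolons (the older Feature-Policy syntax) do not parse, and a
# header that fails to parse is ignored as a whole, leaving every feature at
# its browser default.
Permissions-Policy = "ambient-light-sensor=(), autoplay=(), accelerometer=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=(), wake-lock=(), xr-spatial-tracking=()"
# Don't send the Referer header over insecure connections (when
# linking to HTTP sites). The full URL is still sent to other HTTPS
# origins; strict-origin-when-cross-origin would limit that to the origin.
Referrer-Policy = "no-referrer-when-downgrade"
# Disable MIME-type sniffing (probably not relevant without user
# uploads, but doesn't hurt either)
X-Content-Type-Options = "nosniff"
# Prohibit framing to prevent clickjacking attacks
X-Frame-Options = "DENY"
# Stop page from loading if a reflected XSS attack is detected.
# Legacy header: it only has an effect in browsers that still ship a
# reflected-XSS filter; current browsers ignore it, so it is no substitute
# for the Content-Security-Policy above.
X-XSS-Protection = "1; mode=block"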