-
-
Notifications
You must be signed in to change notification settings - Fork 341
Expand file tree
/
Copy pathnetlify.toml
More file actions
65 lines (57 loc) · 2.08 KB
/
netlify.toml
File metadata and controls
65 lines (57 loc) · 2.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
[build.environment]
NODE_OPTIONS = "--max-old-space-size=4096"
[build]
command = "vite build && cp src/instrument.server.mjs dist/server"
publish = "dist/client"
[functions]
directory = "netlify/functions"
# OG image rendering goes through @takumi-rs/wasm (forced via the `module`
# option in src/server/og/generate.server.ts) instead of @takumi-rs/core's
# native napi binding — Netlify's function bundler dropped the platform-
# specific .node optional dep no matter how we configured it, and WASM
# sidesteps the whole binary-resolution dance. The .wasm asset isn't part
# of the JS import graph, so include it explicitly.
included_files = [
"public/fonts/Inter-Regular.ttf",
"public/fonts/Inter-ExtraBold.ttf",
"public/fonts/Inter-Black.ttf",
"public/images/logos/splash-dark.png",
"node_modules/.pnpm/@takumi-rs+wasm@*/node_modules/@takumi-rs/wasm/pkg/takumi_wasm_bg.wasm",
]
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-Content-Type-Options = "nosniff"
X-XSS-Protection = "1; mode=block"
Referrer-Policy = "strict-origin-when-cross-origin"
Permissions-Policy = "camera=(), microphone=(), geolocation=()"
[[headers]]
for = "/*"
[headers.values]
Strict-Transport-Security = "max-age=31536000; includeSubDomains"
# WebContainer requires SharedArrayBuffer which needs COOP/COEP headers
# Only apply to /builder to avoid breaking external resources on other pages
[[headers]]
for = "/builder"
[headers.values]
Cross-Origin-Opener-Policy = "same-origin"
Cross-Origin-Embedder-Policy = "require-corp"
[[headers]]
for = "/builder/*"
[headers.values]
Cross-Origin-Opener-Policy = "same-origin"
Cross-Origin-Embedder-Policy = "require-corp"
# Reverse-proxy Google Analytics through our own origin so requests are
# first-party (escapes hostname-based ad blockers, longer-lived cookies,
# cleaner CSP). gtag.js is told to use this prefix as its transport_url.
[[redirects]]
from = "/_a/gtag.js"
to = "https://www.googletagmanager.com/gtag/js?id=G-JMT1Z50SPS"
status = 200
force = true
[[redirects]]
from = "/_a/g/collect"
to = "https://www.google-analytics.com/g/collect"
status = 200
force = true