Configure HTTP Headers (#2021)

2025-01-19 12:01:36 -05:00 · 2023-02-24 10:17:46 -06:00 · 2023-02-24 10:17:46 -06:00 · 561f6a7463
commit 561f6a7463
parent 23b7effac9
2 changed files with 16 additions and 4 deletions
--- a/mkdocs.production.yml
+++ b/mkdocs.production.yml
@ -2,10 +2,8 @@ INHERIT: mkdocs.yml
 plugins:
  meta: {}
  privacy:
-    external_assets_exclude:
-      - cdn.jsdelivr.net/npm/mathjax@3/*
-      - api.privacyguides.net/*
-      - giscus.app/*
+    external_assets_exclude: ['https://cdn.jsdelivr.net/npm/mathjax@3/*', 'https://api.privacyguides.net/*']
+    external_links_noopener: true
  git-committers:
    enabled: !ENV [PRODUCTION, false]
    repository: privacyguides/privacyguides.org
--- a/netlify.toml
+++ b/netlify.toml
@ -5,6 +5,20 @@
 [context.production.environment]
    PRODUCTION = "true"

+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "0"
+    X-Content-Type-Options = "nosniff"
+    Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+    Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org https://api.privacyguides.net 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src data: 'self'; connect-src https://api.github.com https://api.privacyguides.net 'self'"
+
+[[headers]]
+  for = "/about/donate/"
+  [headers.values]
+    Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org https://api.privacyguides.net 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://api.privacyguides.net 'self'; frame-src https://opencollective.com"
+
 [[redirects]]
    from = "/.well-known/matrix/*"
    to = "https://matrix.privacyguides.org/.well-known/matrix/:splat"