From 98be37f77a0b67ae54f394afd02bf2a3dd10f69d Mon Sep 17 00:00:00 2001
From: curben <curben@users.noreply.gitlab.com>
Date: Mon, 20 May 2019 11:15:27 +0930
Subject: [PATCH 1/2] feat: harden HTTP headers

---
 netlify.toml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/netlify.toml b/netlify.toml
index 62e3f03..1a66a62 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -8,3 +8,7 @@
     X-Frame-Options = "DENY"
     X-XSS-Protection = "1; mode=block"
     X-Content-Type-Options = "nosniff"
+    Content-Security-Policy = "default-src https; script-src https://cdnjs.cloudflare.com https://curben.netlify.com https://*--curben.netlify.com 'unsafe-inline'; style-src https://cdnjs.cloudflare.com https://curben.netlify.com https://*--curben.netlify.com; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'"
+    Referrer-Policy = "no-referrer"
+    Strict-Transport-Security = "max-age=604800"
+    Feature-Policy = "accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'"
\ No newline at end of file

From 3954d3891ec8bef67be14cd829863aea875eaa66 Mon Sep 17 00:00:00 2001
From: curben <curben@users.noreply.gitlab.com>
Date: Mon, 20 May 2019 11:52:05 +0930
Subject: [PATCH 2/2] fix: follow netlify's hsts max-age

---
 netlify.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netlify.toml b/netlify.toml
index 1a66a62..7166265 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -10,5 +10,5 @@
     X-Content-Type-Options = "nosniff"
     Content-Security-Policy = "default-src https; script-src https://cdnjs.cloudflare.com https://curben.netlify.com https://*--curben.netlify.com 'unsafe-inline'; style-src https://cdnjs.cloudflare.com https://curben.netlify.com https://*--curben.netlify.com; block-all-mixed-content; form-action 'none'; frame-ancestors 'none'"
     Referrer-Policy = "no-referrer"
-    Strict-Transport-Security = "max-age=604800"
+    Strict-Transport-Security = "max-age=31536000"
     Feature-Policy = "accelerometer 'none'; autoplay 'none'; camera 'none'; document.domain 'none'; display-capture 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'"
\ No newline at end of file