Commit Graph

27 Commits

Author SHA1 Message Date
Ming Di Leom a232ac27e4
ci(netlify): disallow crawler 2024-09-28 07:19:10 +00:00
Ming Di Leom 57e5c59097
build: temporary allow web crawler to netlify
- for web crawler to see X-Robots-Tag header
- https://www.bing.com/webmasters/help/?topicid=37c07477
2021-02-27 01:45:37 +00:00
MDLeom d6d520dbb3
chore: hexo convention 'npm run build'
- 3d337683d2/package.json (L6)
2020-12-12 08:13:30 +00:00
MDLeom 0b56c776fc
ci(netlify): set NODE_ENV=production 2020-05-17 03:16:30 +01:00
MDLeom f6b2e9813c
ci(gitlab): temporarily stop hexo
- to upload npm cache
- remove snyk from netlify
2020-05-16 06:50:41 +01:00
MDLeom 7f543f2c82
ci(netlify): remove npm modules installation
- Netlify runs it by default
2020-05-04 11:37:36 +01:00
MDLeom 1610386252
ci: remove unnecessary npm update
- updating Node also updates npm
2020-05-04 11:31:30 +01:00
curben 30fe50290c
build: always execute 'npm install'
- https://stackoverflow.com/a/50820392
2019-10-09 20:24:14 +01:00
curben 633f5bc5e8
chore: always update npm 2019-08-23 12:06:25 +09:30
curben d2d627ba27
chore: move hexo-server to dev-deps 2019-08-23 12:02:37 +09:30
curben 955b1d6517
chore(dev-deps): move snyk and renovate to ci scripts 2019-08-08 09:15:01 +09:30
curben 00fbcce468 refactor: unify HTTP header settings into _headers 2019-05-26 15:09:27 +09:30
curben 15048c2d1f fix: search.svg does not load in Firefox due to CSP
* Use default-src 'self' as a workaround
https://pokeinthe.io/2016/04/09/black-icons-with-svg-and-csp/
https://bugzilla.mozilla.org/show_bug.cgi?id=1303364
https://github.com/w3c/webappsec-csp/issues/199
https://github.com/w3c/webappsec-csp/issues/198

* use 'self' instead of localhost and netlify.com
* set other directives to 'none'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* font-src neeeds to be whitelisted before using fork-awesome
2019-05-22 12:39:53 +09:30
curben 08fb7897e1 fix: replace 'https' with 'https:' in CSP
https://content-security-policy.com/#source_list
2019-05-22 11:00:00 +09:30
curben 821ac056b7 feat: add CSP via <meta> tag
* <meta> doesn't support frame-ancestors directive
  * '*--curben.netlify.com' is invalid
  * add localhost
  * block-all-mixed-content works with localhost
2019-05-21 14:41:56 +09:30
curben 3954d3891e fix: follow netlify's hsts max-age 2019-05-20 11:52:05 +09:30
curben 98be37f77a feat: harden HTTP headers 2019-05-20 11:15:27 +09:30
curben 46c162b3a1 chore: remove hexo-cli
no longer needed due to 'scripts' method.
fix netlify build due to incorrect npm run
continued from 6cd4456d9a
2018-11-06 18:56:11 +10:30
curben 0e7fbcbd0b Use local package only and replace 'latest' with version number
https://firstdoit.com/no-need-for-globals-using-npm-dependencies-in-npm-scripts-3dfb478908?gi=9f1ea80a068
Specify 'latest' doesn't necessarily install the latest version
https://stackoverflow.com/a/39650983
2018-10-26 17:49:15 +10:30
curben 3f0d87f8aa Remove brotli header
netlify doesn't seem to support it
Revert d15c2d2c7b and 60de0c28c4
2018-10-02 11:38:35 +09:30
curben d15c2d2c7b Add content-type header
so browser knows whether it's js or css
2018-10-02 11:29:54 +09:30
curben 60de0c28c4 Add redirect rule for js and css
set their content-encoding header as br (for brotli compression)
2018-10-02 10:50:05 +09:30
curben 67448d00bb Remove content-encoding header
netlify doesn't seem to support brotli compression
2018-10-01 20:27:40 +09:30
curben 98e6826ade Add custom header config for netlify
https://www.netlify.com/docs/headers-and-basic-auth/
2018-09-30 18:32:26 +09:30
curben 2f76100d24 Move snyk commands to production 2018-09-30 17:36:24 +09:30
curben 2fa83af556 Use proper netlify.toml syntax 2018-09-30 17:25:36 +09:30
curben a4490b765d Prepare for netlify 2018-09-30 17:07:10 +09:30