Commit Graph

15 Commits

Author SHA1 Message Date
curben 15048c2d1f fix: search.svg does not load in Firefox due to CSP
* Use default-src 'self' as a workaround
https://pokeinthe.io/2016/04/09/black-icons-with-svg-and-csp/
https://bugzilla.mozilla.org/show_bug.cgi?id=1303364
https://github.com/w3c/webappsec-csp/issues/199
https://github.com/w3c/webappsec-csp/issues/198

* use 'self' instead of localhost and netlify.com
* set other directives to 'none'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* font-src needs to be whitelisted before using fork-awesome
2019-05-22 12:39:53 +09:30
curben 08fb7897e1 fix: replace 'https' with 'https:' in CSP
https://content-security-policy.com/#source_list
2019-05-22 11:00:00 +09:30
curben 821ac056b7 feat: add CSP via <meta> tag
* <meta> doesn't support frame-ancestors directive
  * '*--curben.netlify.com' is invalid
  * add localhost
  * block-all-mixed-content works with localhost
2019-05-21 14:41:56 +09:30
curben 3954d3891e fix: follow netlify's hsts max-age 2019-05-20 11:52:05 +09:30
curben 98be37f77a feat: harden HTTP headers 2019-05-20 11:15:27 +09:30
curben 46c162b3a1 chore: remove hexo-cli
no longer needed due to 'scripts' method.
fix netlify build due to incorrect npm run
continued from 6cd4456d9a
2018-11-06 18:56:11 +10:30
curben 0e7fbcbd0b Use local package only and replace 'latest' with version number
https://firstdoit.com/no-need-for-globals-using-npm-dependencies-in-npm-scripts-3dfb478908?gi=9f1ea80a068
Specifying 'latest' doesn't necessarily install the latest version
https://stackoverflow.com/a/39650983
2018-10-26 17:49:15 +10:30
curben 3f0d87f8aa Remove brotli header
netlify doesn't seem to support it
Revert d15c2d2c7b and 60de0c28c4
2018-10-02 11:38:35 +09:30
curben d15c2d2c7b Add content-type header
so browser knows whether it's js or css
2018-10-02 11:29:54 +09:30
curben 60de0c28c4 Add redirect rule for js and css
set their content-encoding header as br (for brotli compression)
2018-10-02 10:50:05 +09:30
curben 67448d00bb Remove content-encoding header
netlify doesn't seem to support brotli compression
2018-10-01 20:27:40 +09:30
curben 98e6826ade Add custom header config for netlify
https://www.netlify.com/docs/headers-and-basic-auth/
2018-09-30 18:32:26 +09:30
curben 2f76100d24 Move snyk commands to production 2018-09-30 17:36:24 +09:30
curben 2fa83af556 Use proper netlify.toml syntax 2018-09-30 17:25:36 +09:30
curben a4490b765d Prepare for netlify 2018-09-30 17:07:10 +09:30