Skip to content

Instantly share code, notes, and snippets.

View Nooshu's full-sized avatar

Matt Hobbs Nooshu

63 followers · 17 following
View GitHub Profile
@Nooshu
Nooshu / header-generator.js
Created September 1, 2025 22:25
Header generator file stripped of all comments used in my "Asset fingerprinting and the preload header in 11ty" blog post
import fs from 'fs';
import path from 'path';
export function generatePreloadHeaders() {
console.log('🔗 Generating preload headers for CSS files...');
const cssDir = path.join('./_site', 'css');
if (!fs.existsSync(cssDir)) {
console.log('CSS directory not found, skipping header generation');
return;
@Nooshu
Nooshu / CSP-11ty-dev.js
Last active February 9, 2025 20:46
This is the code I used to tweak my CSP response header on my local development environment.
// This is my site's Content Security Policy.
// Modify this CSP, don't just copy / paste it! It will break your site!
// You can also use `var` and `let` depending on your coding syntax, they all work
const CSP = `
base-uri 'self';
child-src 'self';
connect-src 'none';
default-src 'none';
img-src 'self' https://v1.indieweb-avatar.11ty.dev/;
font-src 'self';
@Nooshu
Nooshu / feed.txt.njk
Created January 28, 2025 23:18
The Nunjucks template I use to output my plaintext RSS feed in 11ty 3.0.0
---
permalink: feed/feed.txt
eleventyComputed:
layout: null
---
# {{ metadata.title }} - {{ metadata.author.name }} - {{ metadata.description }}
## {{ metadata.fulldescription }}
URL: {{ metadata.url }}
{% for post in collections.posts | reverse -%}
@Nooshu
Nooshu / css-manipulation.js
Created January 22, 2025 22:56
CSS manipulation version with Brotli 11 compression, file fingerprinting and renaming back to the .css extension for use with Eleventy v3.0.0.
import zlib from 'zlib';
import dotenv from "dotenv";
import CleanCSS from 'clean-css';
import fs from 'fs';
import crypto from 'crypto';
import path from 'path';
dotenv.config();
// An example of how you could add additional CleanCSS settings if required
const cleanCSS = new CleanCSS({
@Nooshu
Nooshu / css-manipulation.js
Created January 21, 2025 23:05
The modified version of my CSS manipulation shortcode for 11ty v3.x now with fingerprinting and static Brotli compression on Cloudflare pages.
import zlib from 'zlib';
import dotenv from "dotenv";
import CleanCSS from 'clean-css';
import fs from 'fs';
import crypto from 'crypto';
import path from 'path';
dotenv.config();
// An example of how you could add additional CleanCSS settings if required
const cleanCSS = new CleanCSS({
@Nooshu
Nooshu / css-manipulation.js
Last active November 2, 2025 16:17
ESM manipulation file I use on my 11ty v3.0.0 blog for manipulating my CSS.
// CSS Manipulation Module for Eleventy
// Processes, minifies, and compresses CSS with cache busting and Brotli compression
import crypto from "crypto";
import fs from "fs";
import path from "path";
import { brotliCompressSync } from "zlib";
import CleanCSS from "clean-css";
@Nooshu
Nooshu / nginx.conf
Created December 27, 2024 00:50
Nginx location block only version of the _headers file
location / {
add_header Access-Control-Allow-Origin "https://nooshu.com" always;
add_header Cache-Control "public, s-maxage=31536000, max-age=31536000" always;
add_header Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" always;
add_header Cross-Origin-Opener-Policy "same-origin" always;
add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(
@Nooshu
Nooshu / nginx.conf
Created December 27, 2024 00:45
A complete nginx.conf file for use on DigitalOcean.
http {
include mime.types;
default_type application/octet-stream;
# Security headers
map $sent_http_content_type $x_content_type_options {
default "nosniff";
}
server {
@Nooshu
Nooshu / .htaccess
Created December 27, 2024 00:41
InfinityFree version of the _headers file
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "https://nooshu.com"
Header set Cache-Control "public, s-maxage=31536000, max-age=31536000"
Header set Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests"
Header set Cross-Origin-Opener-Policy "same-origin"
Header set Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=()
@Nooshu
Nooshu / firebase.json
Created December 27, 2024 00:38
A Firebase version of the _headers file
{
"hosting": {
"headers": [
{
"source": "**",
"headers": [
{
"key": "Access-Control-Allow-Origin",
"value": "https://nooshu.com"
},