Matt Hobbs Nooshu
Nooshu
/ CSP-11ty-dev.js
Last active
February 9, 2025 20:46
This is the code I used to tweak my CSP response header on my local development environment.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This is my site's Content Security Policy. | |
| // Modify this CSP, don't just copy / paste it! It will break your site! | |
| // You can also use `var` and `let` depending on your coding syntax, they all work | |
| const CSP = ` | |
| base-uri 'self'; | |
| child-src 'self'; | |
| connect-src 'none'; | |
| default-src 'none'; | |
| img-src 'self' https://v1.indieweb-avatar.11ty.dev/; | |
| font-src 'self'; |
Nooshu
/ feed.txt.njk
Created
January 28, 2025 23:18
The Nunjucks template I use to output my plaintext RSS feed in 11ty 3.0.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| permalink: feed/feed.txt | |
| eleventyComputed: | |
| layout: null | |
| --- | |
| # {{ metadata.title }} - {{ metadata.author.name }} - {{ metadata.description }} | |
| ## {{ metadata.fulldescription }} | |
| URL: {{ metadata.url }} | |
| {% for post in collections.posts | reverse -%} |
Nooshu
/ css-manipulation.js
Created
January 22, 2025 22:56
CSS manipulation version with Brotli 11 compression, file fingerprinting and renaming back to the .css extension for use with Eleventy v3.0.0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import zlib from 'zlib'; | |
| import dotenv from "dotenv"; | |
| import CleanCSS from 'clean-css'; | |
| import fs from 'fs'; | |
| import crypto from 'crypto'; | |
| import path from 'path'; | |
| dotenv.config(); | |
| // An example of how you could add additional CleanCSS settings if required | |
| const cleanCSS = new CleanCSS({ |
Nooshu
/ css-manipulation.js
Created
January 21, 2025 23:05
The modified version of my CSS manipulation shortcode for 11ty v3.x now with fingerprinting and static Brotli compression on Cloudflare pages.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import zlib from 'zlib'; | |
| import dotenv from "dotenv"; | |
| import CleanCSS from 'clean-css'; | |
| import fs from 'fs'; | |
| import crypto from 'crypto'; | |
| import path from 'path'; | |
| dotenv.config(); | |
| // An example of how you could add additional CleanCSS settings if required | |
| const cleanCSS = new CleanCSS({ |
Nooshu
/ css-manipulation.js
Last active
January 11, 2025 19:57
ESM manipulation file I use on my 11ty v3.0.0 blog for manipulating my CSS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import dotenv from "dotenv"; | |
| import CleanCSS from 'clean-css'; | |
| import fs from 'fs'; | |
| import crypto from 'crypto'; | |
| import path from 'path'; | |
| dotenv.config(); | |
| // create a single instance of the CleanCSS function | |
| // to be used in file loops. Add additional optimisation settings in here. | |
| const cleanCSS = new CleanCSS({ |
Nooshu
/ nginx.conf
Created
December 27, 2024 00:50
Nginx location block only version of the _headers file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location / { | |
| add_header Access-Control-Allow-Origin "https://nooshu.com" always; | |
| add_header Cache-Control "public, s-maxage=31536000, max-age=31536000" always; | |
| add_header Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" always; | |
| add_header Cross-Origin-Opener-Policy "same-origin" always; | |
| add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=( |
Nooshu
/ nginx.conf
Created
December 27, 2024 00:45
A complete nginx.conf file for use on DigitalOcean.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| # Security headers | |
| map $sent_http_content_type $x_content_type_options { | |
| default "nosniff"; | |
| } | |
| server { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <IfModule mod_headers.c> | |
| Header set Access-Control-Allow-Origin "https://nooshu.com" | |
| Header set Cache-Control "public, s-maxage=31536000, max-age=31536000" | |
| Header set Content-Security-Policy "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests" | |
| Header set Cross-Origin-Opener-Policy "same-origin" | |
| Header set Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "hosting": { | |
| "headers": [ | |
| { | |
| "source": "**", | |
| "headers": [ | |
| { | |
| "key": "Access-Control-Allow-Origin", | |
| "value": "https://nooshu.com" | |
| }, |
Nooshu
/ static.json
Created
December 27, 2024 00:36
Heroku static.json version of the _headers file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "headers": { | |
| "/*": { | |
| "Access-Control-Allow-Origin": "https://nooshu.com", | |
| "Cache-Control": "public, s-maxage=31536000, max-age=31536000", | |
| "Content-Security-Policy": "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests", | |
| "Cross-Origin-Opener-Policy": "same-origin", | |
| "Permissions-Policy": "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geoloca |
NewerOlder