Nooshu · December 27, 2024 00:02
diff --git a/netlify.toml b/netlify.toml
 [[headers]]
  for = "/*"
  [headers.values]
    Access-Control-Allow-Origin = "https://nooshu.com"
    Cache-Control = "public, s-maxage=31536000, max-age=31536000"
    Content-Security-Policy = "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests"
    Cross-Origin-Opener-Policy = "same-origin"
    Permissions-Policy = "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()"
    Referrer-Policy = "strict-origin-when-cross-origin"
    Cross-Origin-Resource-Policy = "cross-origin"
    Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
    X-Content-Type-Options = "nosniff"
    X-DNS-Prefetch-Control = "off"
    X-Frame-Options = "DENY"
    X-Permitted-Cross-Domain-Policies = "none"
    Origin-Agent-Cluster = "?1"
	[[headers]]
	for = "/*"
	[headers.values]
	Access-Control-Allow-Origin = "https://nooshu.com"
	Cache-Control = "public, s-maxage=31536000, max-age=31536000"
	Content-Security-Policy = "base-uri 'self';child-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://v1.indieweb-avatar.11ty.dev/;font-src 'self';form-action 'self' https://webmention.io https://submit-form.com/DmOc8anHq;frame-ancestors;frame-src 'self' https://player.vimeo.com/ https://www.slideshare.net/ https://www.youtube.com/ https://giscus.app/ https://www.google.com/;manifest-src 'self';media-src 'self';object-src 'none';script-src 'self' https://giscus.app/ https://www.google.com/ https://www.gstatic.com/;style-src 'self' 'unsafe-inline' https://giscus.app/;worker-src 'self';upgrade-insecure-requests"
	Cross-Origin-Opener-Policy = "same-origin"
	Permissions-Policy = "accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()"
	Referrer-Policy = "strict-origin-when-cross-origin"
	Cross-Origin-Resource-Policy = "cross-origin"
	Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
	X-Content-Type-Options = "nosniff"
	X-DNS-Prefetch-Control = "off"
	X-Frame-Options = "DENY"
	X-Permitted-Cross-Domain-Policies = "none"
	Origin-Agent-Cluster = "?1"