[build] publish = "public" command = "npm run abridge -- '--base-url https://abridge.netlify.app'" [build.environment] ZOLA_VERSION = "0.19.1" [context.deploy-preview] command = "npm run abridge -- '--drafts --base-url https://abridge.netlify.app'" [[headers]] for = "/*" [headers.values] X-Frame-Options = "DENY" X-Content-Type-Options = "nosniff" X-XSS-Protection = "1; mode=block" Referrer-Policy = "strict-origin-when-cross-origin" Strict-Transport-Security = "max-age=63072000; includeSubdomains" # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy (disabled everything except autoplay, local-fonts, screen-wake-lock, speaker-selection) # opt out of Federated Learning of Cohorts (aka "FLoC") - https://amifloced.org/ Permissions-Policy = "interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), serial=(), storage-access=(), sync-xhr=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()" Content-Security-Policy = "default-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; form-action 'self'; connect-src 'self' *.hyvor.com ws://*.hyvor.com; script-src 'self' talk.hyvor.com; img-src 'self' data: talk.hyvor.com cdn.cloudflare.com; frame-src 'self' www.youtube-nocookie.com player.vimeo.com streamable.com www.streamable.com; media-src 'self' data: cdn.cloudflare.com www.youtube-nocookie.com player.vimeo.com; font-src 'self' cdn.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com; style-src 'self' talk.hyvor.com cdn.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com;" [[headers]] for = "*.js"#javascript [headers.values] Cache-Control = "public, max-age=604800, must-revalidate" [[headers]] for = "*.css"#stylesheet [headers.values] Cache-Control = "public, max-age=604800, must-revalidate" [[headers]] for = "*.svg"#image/favicon [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.png"#image/favicon [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.ico"#image/favicon [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.jpg"#image [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.jpeg"#image [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.gif"#image [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.webp"#image [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.avif"#image [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.mp4"#video [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.webm"#video [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.mp3"#audio [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.ogg"#audio [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.otf"#font [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.eot"#font [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.ttf"#font [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.woff"#font [headers.values] Cache-Control = "public, max-age=604800" [[headers]] for = "*.woff2"#font [headers.values] Cache-Control = "public, max-age=604800"