Nicola Zambello
6e6948b4fd
All checks were successful
Docker CI / release (push) Successful in 3m52s
49 lines
1.4 KiB
JavaScript
49 lines
1.4 KiB
JavaScript
import { defineConfig } from 'astro/config';
|
|
|
|
// https://astro.build/config
|
|
export default defineConfig({
|
|
site: 'https://nzambello.dev',
|
|
output: 'static',
|
|
server: {
|
|
headers: {
|
|
// Content Security Policy
|
|
'Content-Security-Policy': [
|
|
"default-src 'self'",
|
|
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://umami.nzambello.dev",
|
|
"style-src 'self' 'unsafe-inline' https://unpkg.com",
|
|
"img-src 'self' data: https:",
|
|
"font-src 'self' https://unpkg.com",
|
|
"connect-src 'self' https://umami.nzambello.dev",
|
|
"media-src 'self'",
|
|
"object-src 'none'",
|
|
"base-uri 'self'",
|
|
"form-action 'self'",
|
|
"frame-ancestors 'none'",
|
|
"upgrade-insecure-requests"
|
|
].join('; '),
|
|
|
|
// HTTP Strict Transport Security
|
|
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
|
|
|
|
// X-Content-Type-Options
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
|
// X-Frame-Options
|
|
'X-Frame-Options': 'DENY',
|
|
|
|
// Referrer Policy
|
|
'Referrer-Policy': 'strict-origin-when-cross-origin',
|
|
|
|
// X-XSS-Protection (for older browsers)
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
|
// Permissions Policy
|
|
'Permissions-Policy': 'camera=(), microphone=(), geolocation=(), payment=()',
|
|
|
|
// Remove server information
|
|
'Server': '',
|
|
'X-Powered-By': ''
|
|
}
|
|
}
|
|
});
|