From c88080954c72a59188418598bded142ea1c6565a Mon Sep 17 00:00:00 2001
From: Tixie <admin@glitch.family>
Date: Sun, 29 May 2022 15:35:42 +0200
Subject: [PATCH] Add netlify HTTP headers conf

---
 netlify.toml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 netlify.toml

diff --git a/netlify.toml b/netlify.toml
new file mode 100644
index 0000000..5489383
--- /dev/null
+++ b/netlify.toml
@@ -0,0 +1,13 @@
+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "1; mode=block"
+    X-Content-Type-Options = "nosniff"
+    Referrer-Policy = "no-referrer-when-downgrade"
+    Content-Security-Policy = "default-src 'none'; style-src 'self'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; base-uri 'self';"
+    Feature-Policy = "camera 'none'; display-capture 'none'; document-domain 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'"
+[[headers]]
+  for = "/search"
+  [headers.values]
+    Content-Security-Policy = "default-src 'none'; style-src 'self'; form-action 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; base-uri 'self';"