Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-25 12:34:10 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Configure response headers for Hugo dev server

Browse source 
make the dev server serve response headers which match the live site, for
better testing.
This commit is contained in:
Richard van der Hoff 2022-03-29 14:47:16 +01:00
parent 084db37b09
commit d146bf6590
2 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/_typos.toml vendored
View file

@ -1,5 +1,5 @@
[files] [files]
extend-exclude = ["/themes", "/attic", "/data-definitions", "*.css", "package-lock.json"] extend-exclude = ["/themes", "/attic", "/data-definitions", "*.css", "syntax.scss", "package-lock.json"]
[default] [default]
check-filename = true check-filename = true

16
config.toml
View file

@ -88,3 +88,19 @@ rendered_data_collapsed = false
url = "https://twitter.com/matrixdotorg" url = "https://twitter.com/matrixdotorg"
icon = "fab fa-twitter" icon = "fab fa-twitter"
desc = "Matrix on Twitter" desc = "Matrix on Twitter"
# configuration for the hugo development server
[server]
# set HTTP response headers to match the production site. Compare the Apache config for `spec.matrix.org`.
[[server.headers]]
for = '/**'
[server.headers.values]
Content-Security-Policy = "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; child-src 'self'; form-action 'self'; object-src 'self'"
X-XSS-Protection = "1; mode=block"
X-Content-Type-Options = "nosniff"
# Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
X-Frame-Options = "sameorigin"
Access-Control-Allow-Origin = "*"
Access-Control-Allow-Methods = "GET"