feat(netlify): add security headers + configurable CSP

Adds some default security headers. CSP is configurable via Params.security.csp.policy (string) and Params.security.csp.report_only (boolean). To enable, add `headers` to config.toml > outputs > home Dedicated Netlify redirects file can also now be generated from front matter `aliases` by adding `redirects` to config.toml > outputs > home, and `disableAliases = true` to config.toml.
2025-07-26 19:15:16 +02:00 · 2021-01-20 00:12:13 +00:00 · 2021-01-20 00:12:13 +00:00 · 2d515e5fa5
commit 2d515e5fa5
parent de6860b8b3
3 changed files with 41 additions and 3 deletions
--- a/wowchemy/config.yaml
+++ b/wowchemy/config.yaml
@ -1,11 +1,23 @@
 mediaTypes:
  application/manifest+json:
-    suffixes:
-      - webmanifest
+    suffixes: [webmanifest]
+  text/netlify:
+    delimiter: ''
+    suffixes: ['']
 outputFormats:
  WebAppManifest:
    mediaType: application/manifest+json
    rel: manifest
+  headers:
+    baseName: _headers
+    isPlainText: true
+    mediatype: text/netlify
+    notAlternative: true
+  redirects:
+    baseName: _redirects
+    isPlainText: true
+    mediatype: text/netlify
+    notAlternative: true
 module:
  hugoVersion:
    min: '0.78.2'
@ -25,7 +37,9 @@ module:
      target: i18n
    - source: archetypes
      target: archetypes
-taxonomies: []
 params:
  theme: minimal
  font: native
+  date_format: 'Jan 2, 2006'
+  time_format: '3:04 PM'
+  address_format: en-us
--- a/wowchemy/layouts/index.headers
+++ b/wowchemy/layouts/index.headers
@ -0,0 +1,15 @@
+{{- $csp_policy := site.Params.security.csp.policy | default "" -}}
+{{- $csp_report_only := site.Params.security.csp.report_only | default false -}}
+# Netlify headers
+# Automatically generated
+# Documentation: http://bit.ly/netlify-deployment
+/*
+  X-Frame-Options: DENY
+  X-XSS-Protection: 1; mode=block
+  X-Content-Type-Options: nosniff
+  Strict-Transport-Security: max-age=31536000; includeSubDomains
+  {{with $csp_policy}}Content-Security-Policy{{if $csp_report_only}}-Report-Only{{end}}: {{.}}{{end}}
+/index.webmanifest
+  Content-Type: application/manifest+json
+/index.xml
+  Content-Type: application/rss+xml
--- a/wowchemy/layouts/index.redirects
+++ b/wowchemy/layouts/index.redirects
@ -0,0 +1,9 @@
+# Netlify redirects
+# Automatically generated
+# Documentation: http://bit.ly/netlify-deployment
+{{- /* Note: code purposely un-indented to preserve required spacing in output. */ -}}
+{{- range $page := where site.AllPages ".Aliases" "!=" nil -}}
+{{- range $page.Aliases }}
+{{ .|relLangURL }} {{ $page.RelPermalink -}}
+{{- end }}
+{{- end -}}