netlify.toml

[build]
  publish = "./public"
  command = "npm run bootstrap && npx netlify-lambda build lambda/ && npm run build"
  functions = "./functions"

[[headers]]
  # Define which paths this specific [[headers]] block will cover.
  for = "/*"

  [headers.values]
    Strict-Transport-Security = '''
    max-age=31536000;
    includeSubDomains;'''

    Content-Security-Policy = '''
    frame-ancestors
      'self';
    upgrade-insecure-requests;
    script-src
      *
      'self'
      eval:
      data:
      blob:
      'unsafe-inline'
      'unsafe-eval'
      googletagmanager.com;
    style-src
      'self'
      'report-sample'
      'unsafe-inline'
      *;
    object-src
      'none';
    frame-src
      'self'
      *;
    child-src
      'self';
    img-src
      'self'
      data:
      *;
    font-src
      'self'
      data:
      *.cloudfront.net
      fonts.gstatic.com;
    connect-src
      'self'
      *;
    manifest-src
      'self';
    base-uri
      'self';
    form-action
      'self'
      facebook.com;
    media-src
      'self';
    prefetch-src
      'self';
    worker-src
      'none';
    report-uri
      https://o113111.ingest.sentry.io/api/4504169636823040/security/?sentry_key=b0ad7185212c4ea689a404b1b2d0eff5
    '''

# Run `npm run publish` to re-index in algolia
# [context.production]
#   publish = "./public"
#   command = "npm run bootstrap && npx netlify-lambda build lambda/ && npm run publish"
#   functions = "./functions"