customHttp.yml
# Custom headers when serving docs through Amplify Hosting
#
# See: https://docs.aws.amazon.com/amplify/latest/userguide/custom-headers.html#setting-custom-headers
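customHeaders:
  # Applies to every path served by the app.
  - pattern: '**/*'
    headers:
      # HSTS: pin HTTPS for one year (31536000 s), subdomains included.
      - key: 'Strict-Transport-Security'
        value: 'max-age=31536000; includeSubDomains'
      # Legacy anti-framing control, kept for browsers that do not honour the
      # CSP frame-ancestors directive set below.
      - key: 'X-Frame-Options'
        value: 'DENY'
      # NOTE(review): legacy header. Current browsers no longer ship the XSS
      # auditor this header configured, and OWASP guidance is to send '0' or
      # drop it. The CSP below is the effective control. Value left unchanged.
      - key: 'X-XSS-Protection'
        value: '1; mode=block'
      # Stops MIME sniffing of responses.
      - key: 'X-Content-Type-Options'
        value: 'nosniff'
      # Content-Security-Policy: deny by default (default-src 'none'), then
      # allow-list per resource type. The value is a folded scalar (>-): the
      # lines are joined with single spaces into one header value, so every
      # line must keep exactly this indentation.
      #
      # frame-ancestors 'none' is the CSP counterpart of X-Frame-Options: DENY.
      # It does not fall back to default-src and is ignored in a <meta> policy,
      # so it has to be set in this header.
      #
      # A CSP is also set in the _document.tsx meta tag. When a page carries
      # more than one policy the browser enforces all of them, so a source must
      # be allowed by both; keep the two lists in sync.
      #
      # NOTE(review): '*.amazonaws.com' in connect-src matches a very large
      # set of hosts, including endpoints that are not controlled by this
      # site. Narrow it to the specific hosts the docs call (TODO confirm).
      # NOTE(review): '*.shortbread.aws.dev' and '*.amazonaws.com' carry no
      # scheme; prefer an explicit https:// like the other entries.
      # NOTE(review): the alpha/integ hosts (d2c-alpha..., aws-mktg-csds-alpha...,
      # alpha.d2c...) look like pre-production endpoints; confirm that the
      # production policy needs them.
      # NOTE(review): style-src allows 'unsafe-inline'; move to nonces or
      # hashes if the inline styles can be removed.
      # NOTE(review): base-uri and form-action do not inherit from default-src
      # and are not set here; consider adding them after checking page usage.
      - key: 'Content-Security-Policy'
        value: >-
          upgrade-insecure-requests;
          default-src 'none';
          style-src 'self' 'unsafe-inline' *.shortbread.aws.dev;
          font-src 'self';
          frame-src 'self' https://www.youtube-nocookie.com https://aws.demdex.net https://dpm.demdex.net;
          connect-src 'self' *.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net
          https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://a0.awsstatic.com/
          https://d2c.aws.amazon.com https://vs.aws.amazon.com https://*.algolia.net https://*.algolianet.com
          *.amazonaws.com https://aws.amazon.com/ https://d2c-alpha.dse.marketing.aws.a2z.com
          https://aws-mktg-csds-alpha.integ.amazon.com/ https://alpha.d2c.marketing.aws.dev/
          https://aa0.awsstatic.com/;
          img-src 'self' https://img.shields.io https://amazonwebservices.d2.sc.omtrdc.net
          https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://a0.awsstatic.com/
          https://alpha.d2c.marketing.aws.dev/ https://aa0.awsstatic.com/;
          media-src 'self';
          script-src 'self' *.shortbread.aws.dev https://a0.awsstatic.com/ https://aa0.awsstatic.com/
          https://alpha.d2c.marketing.aws.dev/ https://d2c.aws.amazon.com/;
          frame-ancestors 'none';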