From 5b57cf4afc37c5a8fc180ce81b7fae7da8cf4d5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tao=20Bojl=C3=A9n?= <2803708-tao_oat@users.noreply.gitlab.com>
Date: Mon, 18 May 2020 18:30:40 +0100
Subject: [PATCH 1/3] add security headers to netlify frontend

---
 netlify.toml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/netlify.toml b/netlify.toml
index 5b70f41..f7dee33 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -16,3 +16,11 @@
 to = "/index.html"
 status = 200
 
+[[headers]]
+ for = "/*"
+ [headers.values]
+ X-Content-Type-Options = "nosniff"
+ X-Frame-Options = "DENY"
+ X-XSS-Protection = "1"
+ Content-Security-Policy = "default-src 'self' https://*.fediverse.space"
+

From a61754d388d539adef50432aeaf6d6d41d311143 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tao=20Bojl=C3=A9n?= <2803708-tao_oat@users.noreply.gitlab.com>
Date: Mon, 18 May 2020 19:05:10 +0100
Subject: [PATCH 2/3] remove inline js from production build

---
 netlify.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/netlify.toml b/netlify.toml
index f7dee33..30a27e7 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -2,6 +2,9 @@
 base = "frontend/"
 publish = "frontend/build/"
 
+[build.environment]
+ INLINE_RUNTIME_CHUNK = "false"
+
 [context.develop.environment]
 REACT_APP_STAGING = "true"
 

From b2439237c21c5561393c169d474b486fc3749d1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tao=20Bojl=C3=A9n?= <2803708-tao_oat@users.noreply.gitlab.com>
Date: Mon, 18 May 2020 19:28:20 +0100
Subject: [PATCH 3/3] fix styled-components and CSP

---
 netlify.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netlify.toml b/netlify.toml
index 30a27e7..2caf14b 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -25,5 +25,5 @@
 X-Content-Type-Options = "nosniff"
 X-Frame-Options = "DENY"
 X-XSS-Protection = "1"
- Content-Security-Policy = "default-src 'self' https://*.fediverse.space"
+ Content-Security-Policy = "default-src 'self' https://*.fediverse.space; style-src 'self' 'unsafe-inline'"
 
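Review bot: `X-XSS-Protection = "1"` enables the legacy browser XSS auditor in its default rewrite mode, a setting that is itself a documented source of information leaks and that current browsers have removed or ignore; OWASP's guidance is to disable it explicitly with `X-XSS-Protection = "0"` and rely on the Content-Security-Policy added in the same block. That policy carries no `frame-ancestors` directive, so clickjacking protection rests solely on `X-Frame-Options = "DENY"`; appending `; frame-ancestors 'none'` to the CSP string keeps the two mechanisms in agreement for browsers that prefer CSP. Two headers a defender would expect next to these are absent, `Strict-Transport-Security` (for example `Strict-Transport-Security = "max-age=31536000; includeSubDomains"` once the site is served over HTTPS only) and `Referrer-Policy`. Whether the API the frontend talks to lives under `https://*.fediverse.space` is not visible here, so confirm that `connect-src` falling back to `default-src` actually covers every origin the app fetches from before this ships.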
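Review bot: `INLINE_RUNTIME_CHUNK = "false"` sits under `[build.environment]` with nothing tying it to the CSP, so a later clean-up of "unused" build variables could drop it and silently reintroduce the inline webpack runtime that `default-src 'self'` blocks; add a comment above the key such as `# keep the CRA webpack runtime chunk out of index.html: the CSP (default-src 'self') permits no inline scripts`. Setting it at `[build.environment]` applies to every deploy context, which matches the subject line's intent as long as the develop context is not meant to behave differently. The parent `[build]` table opens at line 1, outside this hunk.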
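Review bot: `style-src 'self' 'unsafe-inline'` reopens a CSS-injection channel that the original `default-src 'self'` policy had closed, and nothing in the file records why the relaxation is needed, so at minimum document it in place: `# styled-components injects <style> elements at runtime; a static deploy cannot mint per-response nonces, so inline styles (and only styles) are allowed`. Scripts are unaffected because `script-src` still falls back to `default-src 'self'`, which together with the `INLINE_RUNTIME_CHUNK` build setting keeps the script side strict; a reader of this line alone cannot see that, which is another reason for the comment. If styles are ever extracted to a build-time stylesheet the clause can be removed again, and the policy string is the only place that would know. The `[headers.values]` table this key belongs to starts above the hunk.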