fix(netlify): fix GIT_SUBMODULE_STRATEGY indent + add security headers (#220)

romanchaa997 · web-flow · commit 30ec81772b91 · 2026-05-01T19:20:32.000+03:00
Updated security headers and added strict transport security.

Signed-off-by: Igor &lt;romanchaa997@gmail.com&gt;
diff --git a/netlify.toml b/netlify.toml
@@ -6,7 +6,7 @@
   NODE_VERSION = "18"
   GIT_LFS_ENABLED = "false"
   PNPM_FLAGS = "--no-frozen-lockfile"
-    GIT_SUBMODULE_STRATEGY = "none"
+  GIT_SUBMODULE_STRATEGY = "none"
 
 # Build settings with correct pnpm commands
 [context.production]
@@ -27,12 +27,8 @@
   for = "/*"
   [headers.values]
     X-Frame-Options = "DENY"
-    X-XSS-Protection = "1; mode=block"
     X-Content-Type-Options = "nosniff"
     Referrer-Policy = "strict-origin-when-cross-origin"
-    Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: https:; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https:;"
-
-[[headers]]
-  for = "/assets/*"
-  [headers.values]
-    Cache-Control = "public, max-age=31536000, immutable"
+    Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; connect-src 'self' https:"
+    Permissions-Policy = "camera=(), microphone=(), geolocation=()"
+    Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
