# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
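# App Engine configuration for the Woolaroo front end: every handler below
# serves static files under /woolaroo/ and attaches a fixed set of security
# response headers.
#
# $SERVICE, $CACHE and $INDEX_CACHE are placeholders; presumably the deploy
# tooling substitutes them before this file is parsed (confirm). They are
# quoted so the substituted text is always read as a string.
#
# NOTE(review): Node.js 14 reached upstream end-of-life in April 2023 and no
# longer receives security fixes; plan a move to a supported runtime.
runtime: nodejs14
service: "$SERVICE"
default_expiration: "$CACHE"

# Headers repeated on every handler:
# - X-Frame-Options "DENY" forbids framing. None of the CSPs below set
#   frame-ancestors, and default-src does not cover that directive, so
#   framing protection rests on this header alone; adding
#   frame-ancestors 'none' to each policy would be the CSP equivalent.
# - Strict-Transport-Security max-age=2592000 is 30 days. NOTE(review):
#   consider a longer max-age once HTTPS-only serving is settled.
# - X-XSS-Protection is a legacy header that current browsers ignore; the
#   Content-Security-Policy is the control that actually restricts script.
#
# Handlers are matched top to bottom, so the catch-all for index.html must
# stay last.
handlers:
# Static assets. Nothing is allowed by default; only same-origin loads are
# permitted per directive.
- url: /woolaroo/assets/(.*)
  static_files: assets/\1
  upload: assets/(.*)
  secure: always
  http_headers:
    X-Frame-Options: "DENY"
    Strict-Transport-Security: "max-age=2592000; includeSubdomains"
    X-Content-Type-Options: "nosniff"
    X-XSS-Protection: "1; mode=block"
    # connect-src previously read "connect-src 'self' connect-src 'self';".
    # The repeated directive name was parsed as a host named "connect-src",
    # which widened the allow-list by accident; it is now 'self' only.
    Content-Security-Policy: >-
      default-src 'none';
      object-src 'none';
      script-src 'self';
      connect-src 'self';
      font-src 'self';
      img-src 'self';
      style-src 'self';

# Build output in the application root (scripts, styles, icons, source maps,
# manifests).
- url: /woolaroo/(.*\.(js|css|ico|map|json|xml|webmanifest))
  static_files: \1
  upload: (.*\.(js|css|ico|map|json|xml|webmanifest))
  secure: always
  http_headers:
    X-Frame-Options: "DENY"
    Strict-Transport-Security: "max-age=2592000; includeSubdomains"
    X-Content-Type-Options: "nosniff"
    X-XSS-Protection: "1; mode=block"
    Content-Security-Policy: >-
      default-src 'none';
      object-src 'none';
      script-src 'self';
      connect-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com
      https://www.googletagmanager.com/
      https://australia-southeast1-woolaroo-project.cloudfunctions.net;
      font-src 'self';
      img-src 'self';
      style-src 'self';
      media-src 'self' https://storage.googleapis.com https://www.googleapis.com;

# Third-party licence notices, served as a plain file.
- url: /woolaroo/3rdpartylicenses.txt
  static_files: 3rdpartylicenses.txt
  upload: 3rdpartylicenses.txt
  secure: always
  http_headers:
    X-Frame-Options: "DENY"
    Strict-Transport-Security: "max-age=2592000; includeSubdomains"
    X-Content-Type-Options: "nosniff"
    X-XSS-Protection: "1; mode=block"
    Content-Security-Policy: >-
      default-src 'self';

# Catch-all: every other path under /woolaroo returns index.html. Because the
# slash in the pattern is optional, it also matches paths that merely begin
# with "/woolaroo".
- url: /woolaroo/?.*
  static_files: index.html
  upload: index.html
  secure: always
  expiration: "$INDEX_CACHE"
  http_headers:
    X-Frame-Options: "DENY"
    Strict-Transport-Security: "max-age=2592000; includeSubdomains"
    X-Content-Type-Options: "nosniff"
    X-XSS-Protection: "1; mode=block"
    # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', and
    # script-src-elem allows 'unsafe-inline', so this policy does not stop
    # injected inline script; it only limits which remote origins can be
    # loaded. Nonces or hashes would let the unsafe keywords be dropped.
    # base-uri and form-action are not set and do not fall back to
    # default-src. In connect-src, https://*.googleapis.com already covers
    # the individually listed googleapis.com hosts.
    Content-Security-Policy: >-
      default-src 'self';
      img-src 'self' blob: data: *.googleusercontent.com https://www.google-analytics.com;
      frame-src 'self';
      object-src 'none';
      script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com
      https://www.gstatic.com/ https://www.google-analytics.com
      https://apis.google.com;
      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com
      https://accounts.google.com https://www.googletagmanager.com
      https://www.gstatic.com https://www.google-analytics.com
      https://www.googleapis.com;
      connect-src 'self'
      https://australia-southeast1-woolaroo-project.cloudfunctions.net
      https://www.gstatic.com https://www.google-analytics.com
      https://www.googleapis.com https://apis.google.com
      https://*.googleapis.com https://www.googletagmanager.com
      https://fonts.googleapis.com;
      font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com;
      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
      media-src 'self' https://storage.googleapis.com https://www.googleapis.com;
      manifest-src 'self';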