website/netlify.toml

# see netlify.toml.old for the old config before ari.lt

[[redirects]]
    from = "/*"
    to = "https://ari.lt/:splat"
    status = 301
    force = true

[[headers]]
    for = "/api/*"

    [headers.values]
        Access-Control-Allow-Origin = "*"
        Access-Control-Allow-Methods = "GET"

[[headers]]
    for = "/api_hash/*"

    [headers.values]
        Access-Control-Allow-Origin = "*"
        Access-Control-Allow-Methods = "GET"

[[headers]]
    for = "/*"

    [headers.values]
        Strict-Transport-Security = "max-age=0"
        X-Frame-Options = "deny"
        X-Content-Type-Options = "nosniff"
        Content-Security-Policy = "upgrade-insecure-requests"
        X-Permitted-Cross-Domain-Policies = "none"
        Referrer-Policy = "no-referrer"