diff --git a/exampleSite/config/production/params.toml b/exampleSite/config/production/params.toml new file mode 100644 index 00000000..ff9eb062 --- /dev/null +++ b/exampleSite/config/production/params.toml @@ -0,0 +1,10 @@ +# Production-specific parameters for exampleSite + +[modules.hinode.csp] + # The exampleSite is deployed as demo.gethinode.com and is embedded as a live + # preview by the showcase pages on gethinode.com. Without this, the inherited + # theme default (frame-ancestors 'self') makes the browser refuse the iframe. + frame-ancestors = [ + "'self'", + "gethinode.com" + ] diff --git a/exampleSite/go.mod b/exampleSite/go.mod index ce71e822..7893c518 100644 --- a/exampleSite/go.mod +++ b/exampleSite/go.mod @@ -5,10 +5,10 @@ go 1.19 require ( github.com/FortAwesome/Font-Awesome v0.0.0-20260625220317-70fb2dd154b6 // indirect github.com/cloudcannon/bookshop/hugo/v3 v3.18.5 // indirect - github.com/gethinode/mod-blocks/v2 v2.0.1 // indirect + github.com/gethinode/mod-blocks/v2 v2.1.0 // indirect github.com/gethinode/mod-bootstrap-icons/v2 v2.0.0 // indirect github.com/gethinode/mod-cookieyes/v2 v2.2.6 // indirect - github.com/gethinode/mod-docs v1.14.1 // indirect + github.com/gethinode/mod-docs v1.15.0 // indirect github.com/gethinode/mod-fontawesome/v6 v6.0.0 // indirect github.com/gethinode/mod-utils/v6 v6.4.0 // indirect github.com/twbs/icons v1.13.1 // indirect diff --git a/exampleSite/go.sum b/exampleSite/go.sum index 6dfd78b8..f10a96f0 100644 --- a/exampleSite/go.sum +++ b/exampleSite/go.sum @@ -4,12 +4,18 @@ github.com/cloudcannon/bookshop/hugo/v3 v3.18.5 h1:AKWzUQpWcBSbJgHQ/5cfPQtGX40bn github.com/cloudcannon/bookshop/hugo/v3 v3.18.5/go.mod h1:s7mIonDhtsLcn10ZKuVXyqd6BDHI8vT1WQhZw8rPfY8= github.com/gethinode/mod-blocks/v2 v2.0.1 h1:BoHDy2PqZfSQ5kolAjnem2gWOarxVCRzaJZ6owM0oCs= github.com/gethinode/mod-blocks/v2 v2.0.1/go.mod h1:yhZH/AHvPlr1IkYu9GRmhvsLBlyvwpO0T8DvnKUITDw= +github.com/gethinode/mod-blocks/v2 v2.0.3 h1:9jsVov1cJsQhUALVz/E+spSezAf8YGyGnd873VsRM4w= +github.com/gethinode/mod-blocks/v2 v2.0.3/go.mod h1:bqogsRCwVHZlsLN/XZmBC25UmralIvYwmRkAcj3601Q= +github.com/gethinode/mod-blocks/v2 v2.1.0 h1:bW+3p3XpOBk2RtJkWkHvHTo4ovUmQWm1h82VkJx3G90= +github.com/gethinode/mod-blocks/v2 v2.1.0/go.mod h1:bqogsRCwVHZlsLN/XZmBC25UmralIvYwmRkAcj3601Q= github.com/gethinode/mod-bootstrap-icons/v2 v2.0.0 h1:ryXa25d/9mXVcPXhOwMtxtAtFkR0M1EPSIuU0xRRDec= github.com/gethinode/mod-bootstrap-icons/v2 v2.0.0/go.mod h1:0DKJp0goqI0vwOIVa8/yd3tAE0XdUypu1QRoz9K+094= github.com/gethinode/mod-cookieyes/v2 v2.2.6 h1:/DQm8OYpms0On8wuosQER47TplVu/3z7MZHwbBKXCAg= github.com/gethinode/mod-cookieyes/v2 v2.2.6/go.mod h1:tULb7D7CoTycGUyL7ryqHJKaX11XuL2SN+XwP7/DI0Y= github.com/gethinode/mod-docs v1.14.1 h1:+G8IjMi/krhAzvOlB5ODnfQCp6b5ixWyU3D7f/8vdRg= github.com/gethinode/mod-docs v1.14.1/go.mod h1:ru1w0fHqFocjDIMV0dm40OwhBw5k4UncCS8iO/1S5kI= +github.com/gethinode/mod-docs v1.15.0 h1:A/iJ2S2v8Le0u8gdOfpLoss8mDaaJI+gtMNXiws7SyE= +github.com/gethinode/mod-docs v1.15.0/go.mod h1:ru1w0fHqFocjDIMV0dm40OwhBw5k4UncCS8iO/1S5kI= github.com/gethinode/mod-fontawesome/v6 v6.0.0 h1:PrfiMfVEAM5Lpnkp+sXOtOdRSOe3l56z+ngrPcACzlA= github.com/gethinode/mod-fontawesome/v6 v6.0.0/go.mod h1:ayMslv2xpC5cjxUVTkIlFBbOd1LM5ezIr0OSOr6q8Gk= github.com/gethinode/mod-utils/v6 v6.4.0 h1:l49KrawKE/7c6XE00wXQ9T5/kuTfiETerBz6OWn3SJc= diff --git a/netlify.toml b/netlify.toml index 77d481f4..9f16bf5e 100644 --- a/netlify.toml +++ b/netlify.toml @@ -36,18 +36,18 @@ Access-Control-Allow-Origin = '*' Content-Security-Policy = """ base-uri 'self'; \ - connect-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com; \ + connect-src 'self' *.cookieyes.com cdn-cookieyes.com *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com; \ default-src 'none'; \ font-src 'self' fonts.gstatic.com data:; \ form-action 'self'; \ - frame-ancestors 'self'; \ - frame-src *.googletagmanager.com player.cloudinary.com www.youtube-nocookie.com www.youtube.com player.vimeo.com; \ - img-src 'self' *.google-analytics.com *.googletagmanager.com googletagmanager.com ssl.gstatic.com www.gstatic.com data: *.imgix.net *.imagekit.io *.cloudinary.com i.ytimg.com tile.openstreetmap.org i.vimeocdn.com; \ + frame-ancestors 'self' gethinode.com; \ + frame-src *.wikipedia.org www.openstreetmap.org *.googletagmanager.com player.cloudinary.com www.youtube-nocookie.com www.youtube.com player.vimeo.com; \ + img-src 'self' cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com googletagmanager.com ssl.gstatic.com www.gstatic.com data: *.imgix.net *.imagekit.io *.cloudinary.com i.ytimg.com tile.openstreetmap.org i.vimeocdn.com; \ manifest-src 'self'; \ media-src 'self'; \ object-src 'none'; \ - script-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com googletagmanager.com tagmanager.google.com player.vimeo.com; \ - style-src 'self' googletagmanager.com tagmanager.google.com fonts.googleapis.com www.youtube.com 'unsafe-inline'; \ + script-src 'self' cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com googletagmanager.com tagmanager.google.com player.vimeo.com; \ + style-src 'self' 'unsafe-inline' googletagmanager.com tagmanager.google.com fonts.googleapis.com www.youtube.com; \ """ Permissions-Policy = 'geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(), payment=() ' Referrer-Policy = 'strict-origin' @@ -56,3 +56,23 @@ X-XSS-Protection = '1; mode=block' cache-control = 'max-age=0, no-cache, no-store, must-revalidate ' +[[redirects]] + from = '/fr/*' + status = 404 + to = '/fr/404.html' + +[[redirects]] + from = '/nl/*' + status = 404 + to = '/nl/404.html' + +[[redirects]] + from = '/en/*' + status = 404 + to = '/en/404.html' + +[[redirects]] + from = '/*' + status = 404 + to = '/en/404.html' + diff --git a/package.json b/package.json index 763de510..4b4b7702 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "build:debug": "hugo -e debug --debug", "build:headers": "pnpm build:headers:dev && pnpm build:headers:prod", "build:headers:dev": "hugo --renderSegments headers -d prebuild-headers-dev -e development && cpy prebuild-headers-dev/server.toml config/_default/ --flat", - "build:headers:prod": "hugo --renderSegments headers -d prebuild-headers-prod -e production && cpy prebuild-headers-prod/netlify.toml ./ --flat", + "build:headers:prod": "hugo -s exampleSite --renderSegments headers -d prebuild-headers-prod -e production && cpy exampleSite/prebuild-headers-prod/netlify.toml ./ --flat", "build:example:headers": "hugo -s exampleSite --renderSegments headers -d prebuild && cpy exampleSite/prebuild/netlify.toml ./ --flat && cpy exampleSite/prebuild/server.toml exampleSite/config/_default/ --flat", "build:preview": "pnpm build -D -F", "clean:public": "rimraf public exampleSite/public",