netlify.toml

[[redirects]]
from = "/*"
to = "/index.html"
status = 200


[[headers]]
# Define which paths this specific [[headers]] block will cover.
for = "/*"

[headers.values]
# X-Content-Type-Options controls whether browsers attempt to detect
# the content type, rather than relyihng on the Content-Type header.
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
X-Content-Type-Options = "nosniff"

# Strict-Transport-Security to require HTTPS connections in supported
# browsers. These settings are required to be eligible for inclusion
# in the HSTS Preload list; see: https://hstspreload.org/
Strict-Transport-Security = """\
      max-age=31536000; \
      includeSubDomains; \
      preload \
      """

# Content-Security-Policy to prevent XSS attacks.

Content-Security-Policy = """ \
      default-src \
            * \
            ; \

      script-src \
            'self' \
            'unsafe-eval' \
            'unsafe-inline' \
            https://aleysian-prefect.cs29.force.com \
            https://c.la1-c1cs-ph2.salesforceliveagent.com \
            https://c.la1-c2-ia2.salesforceliveagent.com \
            https://cdn.lr-ingest.io \
            https://d.la1-c1cs-ph2.salesforceliveagent.com \
            https://d.la1-c2-ia2.salesforceliveagent.com \
            https://d.la1-c2-ph2.salesforceliveagent.com \
            https://d.la2-c1-ia5.salesforceliveagent.com \
            https://d.la3-c1cs-ia2.salesforceliveagent.com 
            https://d.la3-c1cs-ia5.salesforceliveagent.com \
            https://js.stripe.com \
            https://partial-prefect.cs1.force.com \
            https://prefect--aleysian.my.salesforce.com \
            https://prefect--partial.my.salesforce.com \
            https://prefect--partial.sandbox.my.salesforce.com \
            https://prefect--partial.sandbox.my.site.com \
            https://prefect.force.com \
            https://prefect.my.salesforce-site.com \
            https://prefect.my.salesforce.com \
            https://prefect.my.site.com \
            https://service.force.com \
            https://static.lightning.force.com \
            ; \
      
      script-src-elem \
            'self' \
            'unsafe-eval' \
            'unsafe-inline' \
            https://aleysian-prefect.cs29.force.com \
            https://c.la1-c1cs-ph2.salesforceliveagent.com \
            https://c.la1-c2-ia2.salesforceliveagent.com \
            https://cdn.lr-ingest.io \
            https://d.la1-c1cs-ph2.salesforceliveagent.com \
            https://d.la1-c2-ia2.salesforceliveagent.com \
            https://d.la1-c2-ph2.salesforceliveagent.com \
            https://d.la2-c1-ia5.salesforceliveagent.com \
            https://d.la3-c1cs-ia2.salesforceliveagent.com 
            https://d.la3-c1cs-ia5.salesforceliveagent.com \
            https://js.stripe.com \
            https://partial-prefect.cs1.force.com \
            https://prefect--aleysian.my.salesforce.com \
            https://prefect--partial.my.salesforce.com \
            https://prefect--partial.sandbox.my.salesforce.com \
            https://prefect--partial.sandbox.my.site.com \
            https://prefect.force.com \
            https://prefect.my.salesforce-site.com \
            https://prefect.my.salesforce.com \
            https://prefect.my.site.com \
            https://service.force.com \
            https://static.lightning.force.com \
            ; \

      img-src \
            * \
            data: \
            ; \

      style-src \
            'self' \
            'unsafe-inline' \
            https://aleysian-prefect.cs29.force.com \
            https://c.la1-c1cs-ph2.salesforceliveagent.com \
            https://c.la1-c2-ia2.salesforceliveagent.com \
            https://cdn.lr-ingest.io \
            https://d.la1-c1cs-ph2.salesforceliveagent.com \
            https://d.la1-c2-ia2.salesforceliveagent.com \
            https://d.la1-c2-ph2.salesforceliveagent.com \
            https://d.la2-c1-ia5.salesforceliveagent.com \
            https://d.la3-c1cs-ia2.salesforceliveagent.com 
            https://d.la3-c1cs-ia5.salesforceliveagent.com \
            https://js.stripe.com \
            https://partial-prefect.cs1.force.com \
            https://prefect--aleysian.my.salesforce.com \
            https://prefect--partial.my.salesforce.com \
            https://prefect--partial.sandbox.my.salesforce.com \
            https://prefect--partial.sandbox.my.site.com \
            https://prefect.force.com \
            https://prefect.my.salesforce-site.com \
            https://prefect.my.salesforce.com \
            https://prefect.my.site.com \
            https://service.force.com \
            https://static.lightning.force.com \
            ; \
      
      style-src-elem \
            'self' \
            'unsafe-inline' \
            https://aleysian-prefect.cs29.force.com \
            https://c.la1-c1cs-ph2.salesforceliveagent.com \
            https://c.la1-c2-ia2.salesforceliveagent.com \
            https://cdn.lr-ingest.io \
            https://d.la1-c1cs-ph2.salesforceliveagent.com \
            https://d.la1-c2-ia2.salesforceliveagent.com \
            https://d.la1-c2-ph2.salesforceliveagent.com \
            https://d.la2-c1-ia5.salesforceliveagent.com \
            https://d.la3-c1cs-ia2.salesforceliveagent.com 
            https://d.la3-c1cs-ia5.salesforceliveagent.com \
            https://js.stripe.com \
            https://partial-prefect.cs1.force.com \
            https://prefect--aleysian.my.salesforce.com \
            https://prefect--partial.my.salesforce.com \
            https://prefect--partial.sandbox.my.salesforce.com \
            https://prefect--partial.sandbox.my.site.com \
            https://prefect.force.com \
            https://prefect.my.salesforce-site.com \
            https://prefect.my.salesforce.com \
            https://prefect.my.site.com \
            https://service.force.com \
            https://static.lightning.force.com \
            ; \

      font-src \
            data: \
            'self' \
            ; \

      frame-ancestors \
            'self' \
            ; \
      
      frame-src \
            'self' \
            https://*.okta.com \
            https://*.prefect.io \
            https://js.stripe.com \
            https://prefect--partial.my.salesforce.com \
            https://prefect--partial.sandbox.my.salesforce.com \
            https://prefect.auth0.com \
            https://prefect.my.salesforce.com \
            https://service.force.com \
            ; \

      child-src \
            data: \
            blob: \
            ; \

      worker-src \
            'self' \
            data: \
            blob: \
            ; \
      """

# Referrer-Policy controls the Referer header in requests.
#
# same-origin allows analytics tools to understand user journeys.
Referrer-Policy = "same-origin"

# X-Permitted-Cross-Domain-Policies controls whether this site can be
# embedded into Flash applications or PDF documents.
X-Permitted-Cross-Domain-Policies = "none"

# Permissions-Policy controls the features that the site can request.
#
# https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/
# https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
#
# payment
#   https://js.stripe.com - supports PaymentRequest
Permissions-Policy = """\
      accelerometer=(), \
      ambient-light-sensor=(), \
      autoplay=(), \
      battery=(), \
      camera=(), \
      cross-origin-isolated=(), \
      display-capture=(), \
      document-domain=(), \
      encrypted-media=(), \
      execution-while-not-rendered=(), \
      execution-while-out-of-viewport=(), \
      fullscreen=(), \
      geolocation=(), \
      gyroscope=(), \
      hid=(), \
      idle-detection=(), \
      magnetometer=(), \
      microphone=(), \
      midi=(), \
      navigation-override=(), \
      payment=(self "https://js.stripe.com"), \
      picture-in-picture=(), \
      publickey-credentials-get=(), \
      screen-wake-lock=(), \
      serial=(), \
      sync-xhr=(), \
      usb=(), \
      web-share=(), \
      xr-spatial-tracking=() \
      """