I am moving my site and from manual deploys to deploying on a git push
to the master
branch. As part of this, I want to transition from using separate _headers
and _redirects
to just using TOML. Although my redirects are processed correctly, I see build errors in my headers for branch deploys - related to my CSP directives.
I know TOML is supposed to be simple, but the translation between what CSP expects and what Netlify’s playground says is valid isn’t always so clear.
Logs tell me that strings can’t have newlines, but this doesn’t line up with actual configurations I’ve seen people use.
Where might I be going wrong? - existing TOML file is below:
[[headers]]
for = "/*
[headers.values]
Cache-Control = "no-transform"
Content-Security-Policy = "style-src 'self';
default-src 'self';
object-src 'none';
img-src https:;
script-src 'self'
'unsafe-inline';
frame-ancestors 'none';"
Upgrade-Insecure-Requests = "1"
X-Content-Type-Options = "nosniff"
X-Frame-Options = "DENY"
X-XSS-Protection = "1; mode=block""
[[Netlify]]
from = "https://relaxed-meninsky-6eca95.netlify.com"
to = "/chrisfinazzo.com"
status = 301
force = false
[[site]]
from = "/www.chrisfinazzo.com"
to = "/chrisfinazzo.com"
status = 301
force = false