I am moving my site and from manual deploys to deploying on a
git push to the
master branch. As part of this, I want to transition from using separate
_redirects to just using TOML. Although my redirects are processed correctly, I see build errors in my headers for branch deploys - related to my CSP directives.
I know TOML is supposed to be simple, but the translation between what CSP expects and what Netlify’s playground says is valid isn’t always so clear.
Logs tell me that strings can’t have newlines, but this doesn’t line up with actual configurations I’ve seen people use.
Where might I be going wrong? - existing TOML file is below:
[[headers]] for = "/* [headers.values] Cache-Control = "no-transform" Content-Security-Policy = "style-src 'self'; default-src 'self'; object-src 'none'; img-src https:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none';" Upgrade-Insecure-Requests = "1" X-Content-Type-Options = "nosniff" X-Frame-Options = "DENY" X-XSS-Protection = "1; mode=block"" [[Netlify]] from = "https://relaxed-meninsky-6eca95.netlify.com" to = "/chrisfinazzo.com" status = 301 force = false [[site]] from = "/www.chrisfinazzo.com" to = "/chrisfinazzo.com" status = 301 force = false