fix: correct netlify.toml (#11)

* fix: correct netlify.toml

* fix: updated netlify.toml

Author: SunDevil311

_headers

@@ -34,6 +34,7 @@
     "FOSS",
     "Fossify",
     "fossifymessages",
+    "geolocation",
     "Gitea",
     "gmaps",
     "Graphene",
@@ -69,6 +70,7 @@
     "Picsart",
     "prefs",
     "Profilemaker",
+    "publickey",
     "pycache",
     "QKSMS",
     "quickweather",

cspell.json

@@ -1,3 +1,37 @@
 [build]
   command = "mkdocs build --clean --site-dir build"
   publish = "build"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Content-Security-Policy = """
+      default-src 'self';
+      script-src 'self' 'unsafe-inline';
+      style-src 'self' 'unsafe-inline';
+      img-src 'self' data:;
+      connect-src 'self' https://api.github.com;
+      font-src 'self' data: https://fonts.gstatic.com;
+      form-action 'self';
+      base-uri 'self';
+      object-src 'none';
+      frame-ancestors 'none';
+      upgrade-insecure-requests;
+      report-uri https://csp.netwk.pro/.netlify/functions/csp-report;
+      report-to csp-endpoint;
+    """
+    Report-To = """
+      {
+        "group": "csp-endpoint",
+        "max_age": 10886400,
+        "endpoints": [
+          { "url": "https://csp.netwk.pro/.netlify/functions/csp-report" }
+        ],
+        "include_subdomains": true
+      }
+    """
+    Permissions-Policy = "fullscreen=(self), sync-xhr=(), camera=(), microphone=(), geolocation=(), clipboard-read=(), clipboard-write=(), payment=(), usb=(), hid=(), gamepad=(), serial=(), publickey-credentials-get=(), browsing-topics=()"
+    X-Content-Type-Options = "nosniff"
+    Referrer-Policy = "strict-origin-when-cross-origin"
+    X-Frame-Options = "DENY"
+    Strict-Transport-Security = "max-age=31536000; includeSubDomains"