virtualsupporttalks/netlify.toml at main · HerrBertling/virtualsupporttalks · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
[build]
command = "npm run build"
publish = "build/client"

[dev]
command = "npm run dev"
framework = "vite"

# Set immutable caching for static files, because they have fingerprinted filenames

[[headers]]
for = "/build/*"
[headers.values]
  "Cache-Control" = "public, max-age=31560000, immutable"

[[headers]]
for = "/fonts/*"
[headers.values]
  "Cache-Control" = "public, max-age=31560000, immutable"

[[headers]]
for = "/*"
[headers.values]
  "Cache-Control" = "public, max-age=0, must-revalidate"
  "Netlify-CDN-Cache-Control" = "public, s-maxage=3600, stale-while-revalidate=604800, durable"

# API endpoints must never be CDN-cached. The global /* rule would otherwise
# let stale 301s or other pre-deploy responses pin here for the SWR window.
[[headers]]
for = "/api/*"
[headers.values]
  "Cache-Control" = "private, no-store"
  "Netlify-CDN-Cache-Control" = "private, no-store"

# Password-gated admin routes return coach PII on POST. POST is uncacheable
# per HTTP spec, but pin it explicitly so the form GET and any future loader
# response can't land in the durable CDN either.
[[headers]]
for = "/*/admin/*"
[headers.values]
  "Cache-Control" = "private, no-store"
  "Netlify-CDN-Cache-Control" = "private, no-store"

# Sets the gdprConsent cookie on POST. Never cache.
[[headers]]
for = "/enable-analytics"
[headers.values]
  "Cache-Control" = "private, no-store"
  "Netlify-CDN-Cache-Control" = "private, no-store"