From 88391da8add1054a35dc4fde17dbef0f78b77709 Mon Sep 17 00:00:00 2001
From: Rui Chen <rui@chenrui.dev>
Date: Tue, 7 May 2024 23:33:40 -0400
Subject: [PATCH 1/2] feat: add netlify.toml

Signed-off-by: Rui Chen <rui@chenrui.dev>

fix vuepress dist path

Signed-off-by: Rui Chen <rui@chenrui.dev>
---
 netlify.toml                               | 31 ++++++++++++++++++++++
 runatlantis.io/.vuepress/public/_redirects |  2 --
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 netlify.toml
 delete mode 100644 runatlantis.io/.vuepress/public/_redirects

diff --git a/netlify.toml b/netlify.toml
new file mode 100644
index 0000000000..cb8d277e98
--- /dev/null
+++ b/netlify.toml
@@ -0,0 +1,31 @@
+# Netlify Config, https://www.netlify.com/docs/netlify-toml-reference/
+[build]
+  base    = "/"
+  publish = "runatlantis.io/.vuepress/dist/"
+  command = "pnpm website:build"
+
+[[redirects]]
+  from = "/guide/getting-started.html"
+  to = "/guide/"
+  status = 301
+  force = true
+
+[[redirects]]
+  from = "/docs/atlantis-yaml-reference.html"
+  to = "/docs/repo-level-atlantis-yaml.html"
+  status = 301
+  force = true
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "1; mode=block"
+    Content-Security-Policy = "default-src 'self'"
+    Cache-Control = "public, max-age=0, must-revalidate"
+    Strict-Transport-Security = "max-age=31536000"
+
+[[headers]]
+  for = "*.html"
+  [headers.values]
+    Content-Type = "text/html; charset=UTF-8"
diff --git a/runatlantis.io/.vuepress/public/_redirects b/runatlantis.io/.vuepress/public/_redirects
deleted file mode 100644
index a025dc528b..0000000000
--- a/runatlantis.io/.vuepress/public/_redirects
+++ /dev/null
@@ -1,2 +0,0 @@
-/guide/getting-started.html /guide/
-/docs/atlantis-yaml-reference.html /docs/repo-level-atlantis-yaml.html

From e5b59b97d46f4759e38f8f658f8e698b002c631e Mon Sep 17 00:00:00 2001
From: Rui Chen <rui@chenrui.dev>
Date: Tue, 7 May 2024 23:46:46 -0400
Subject: [PATCH 2/2] update csp and cache-control

Signed-off-by: Rui Chen <rui@chenrui.dev>
---
 netlify.toml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/netlify.toml b/netlify.toml
index cb8d277e98..4d47cbdf4e 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -21,9 +21,11 @@
   [headers.values]
     X-Frame-Options = "DENY"
     X-XSS-Protection = "1; mode=block"
-    Content-Security-Policy = "default-src 'self'"
-    Cache-Control = "public, max-age=0, must-revalidate"
-    Strict-Transport-Security = "max-age=31536000"
+    Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:"
+    Cache-Control = "public, max-age=86400, must-revalidate"
+    Strict-Transport-Security = "max-age=86400; includeSubDomains; preload"
+    Referrer-Policy = "no-referrer"
+    X-Content-Type-Options = "nosniff"
 
 [[headers]]
   for = "*.html"