[build]
    command = "CI=1 NOCLR=1 python3 ./scripts/blog.py static"

[[redirects]]
    from = "/git/*"
    to = "https://ari.lt/lh/blog.ari.lt/:splat"
    status = 301
    force = true

[[redirects]]
    from = "/favicon.ico"
    to = "https://ari.lt/favicon.ico"
    status = 200
    force = true

[[redirects]]
    from = "/blogs/:blog"
    to = "https://legacy.blog.ari.lt/blogs/:blog"
    status = 301
    force = true

[[redirects]]
    from = "/c"
    to = "https://user.ari.lt/"
    status = 301
    force = true

[[redirects]]
    from = "/netlify.toml"
    to = "https://ari.lt/404.blog.xyz"
    status = 404
    force = true

[[redirects]]
    from = "/visit"
    to = "https://us.ari.lt/counter/@ari/kpnuBU0qISQlfR7cSNwwg9oW8654-RguVrXh9JOBGo3EP1-bm7aF9ROuQO6Jqesk.svg?fill=%23f9f6e8"
    status = 301
    force = true

[[redirects]]
    from = "/*"
    to = "https://ari.lt/404.blog.xyz"
    status = 404
    force = false

# This has been replaced, currently I'm looking how
# JavaScript blocking is affecting my statistics
# as it seems like most people are much more interested
# in the legacy blog, not sure why, but it might have
# something to do with the content blocking features
# that is JavaScript blocking, even though both
# the legacy blog and the non-legacy blogs have JavaScript
# blocking

# Content-Security-Policy = "upgrade-insecure-requests; sandbox; script-src 'sha512-v'; object-src 'none';"

[[headers]]
    for = "/rss.xml"

    [headers.values]
        Content-Type = "application/xml+rss"

[[headers]]
    for = "/blog.json"

    [headers.values]
        Access-Control-Allow-Origin = "*"
        Access-Control-Allow-Methods = "GET"

[[headers]]
    for = "/blog_json_hash.txt"

    [headers.values]
        Access-Control-Allow-Origin = "*"
        Access-Control-Allow-Methods = "GET"

[[headers]]
    for = "/recents_json_hash.txt"

    [headers.values]
        Access-Control-Allow-Origin = "*"
        Access-Control-Allow-Methods = "GET"

[[headers]]
    for = "/recents.json"

    [headers.values]
        Access-Control-Allow-Origin = "*"
        Access-Control-Allow-Methods = "GET"

[[headers]]
    for = "/*"

    [headers.values]
        Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
        X-Frame-Options = "deny"
        X-Content-Type-Options = "nosniff"
        Content-Security-Policy = "upgrade-insecure-requests"
        X-Permitted-Cross-Domain-Policies = "none"
        Referrer-Policy = "no-referrer"