netlify.toml

# Auto-generated file - do not modify
[build]
  command = 'npm run build:example'
  publish = 'exampleSite/public'

  [build.environment]
    DART_SASS_VERSION = '1.83.1'
    HUGO_ENABLEGITINFO = 'true'
    HUGO_ENV = 'production'
    HUGO_VERSION = '0.140.2'
    NODE_VERSION = '22.12.0'
    NPM_VERSION = '10.9.0'

[context]
  [context.branch-deploy]
    command = 'npm run build:example -- -b $DEPLOY_PRIME_URL'

  [context.deploy-preview]
    command = 'npm run build:example -- -b $DEPLOY_PRIME_URL'

[dev]
  autoLaunch = false
  command = 'npm run start:example'
  framework = '#custom'
  port = 8888
  publish = 'public'
  targetPort = 1313

[[plugins]]
  package = '@gethinode/netlify-plugin-dartsass'

[[plugins]]
  package = 'netlify-plugin-hugo-cache-resources'

[[headers]]
  for = '/**'

  [headers.values]
    Access-Control-Allow-Origin = '*'
    Content-Security-Policy = """
        base-uri 'self'; \
        connect-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com; \
        default-src 'none'; \
        font-src 'self' fonts.gstatic.com data:; \
        form-action 'self'; \
        frame-src *.googletagmanager.com player.cloudinary.com www.youtube-nocookie.com www.youtube.com player.vimeo.com; \
        img-src 'self' *.google-analytics.com *.googletagmanager.com googletagmanager.com ssl.gstatic.com www.gstatic.com data: *.imgix.net *.imagekit.io *.cloudinary.com i.ytimg.com tile.openstreetmap.org i.vimeocdn.com; \
        manifest-src 'self'; \
        media-src 'self'; \
        object-src 'none'; \
        script-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com googletagmanager.com tagmanager.google.com player.vimeo.com; \
        style-src 'self' googletagmanager.com tagmanager.google.com fonts.googleapis.com www.youtube.com; \
        """
    Permissions-Policy = 'geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(), payment=() '
    Referrer-Policy = 'strict-origin'
    Strict-Transport-Security = 'max-age=31536000; includeSubDomains; preload'
    X-Content-Type-Options = 'nosniff'
    X-Frame-Options = 'SAMEORIGIN'
    X-XSS-Protection = '1; mode=block'
    cache-control = 'max-age=0, no-cache, no-store, must-revalidate '