render.yaml

services:
  - type: web
    name: babasarok # Your website name
    env: static
    # buildCommand: pnpm install; pnpm add popper.js@1.16.1; pnpm tina:build # Build with tina integration
    buildCommand: pnpm install; pnpm add popper.js@1.16.1; pnpm build
    staticPublishPath: ./public
    pullRequestPreviewsEnabled: true # Optional
    buildFilter:
      paths:
        - static/*
        - layouts/*
        - data/*
        - content/*
        - config/*
        - assets/*
        - archetypes/*
        - package.json
        - render.yaml
    headers:
      - path: /*
        name: Strict-Transport-Security
        value: max-age=31536000; includeSubDomains; preload
      - path: /*
        name: X-Content-Type-Options
        value: nosniff
      - path: /*
        name: X-XSS-Protection
        value: 1; mode=block
      - path: /*
        name: Content-Security-Policy
        value: default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' data:; script-src 'self' www.googletagmanager.com unpkg.com cdn.jsdelivr.net 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk='; style-src 'self' fonts.googleapis.com 'unsafe-inline'
      - path: /*
        name: X-Frame-Options
        value: SAMEORIGIN
      - path: /*
        name: Referrer-Policy
        value: strict-origin
      - path: /*
        name: Feature-Policy
        value: geolocation 'self'
      - path: /*
        name: Cache-Control
        value: public, max-age=2592000
      - path: /*
        name: Access-Control-Allow-Origin
        value: "*"
      - path: /admin/*
        name: Content-Security-Policy
        value: "default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline';"