nfisher/default.yaml

## default.yaml
handlers:
- url: /(.*\.html)
  static_files: public/\1
  upload: public/(.*\.html)
  mime_type: text/html; charset=UTF-8
  secure: always
  expiration: "0d 3m"
  http_headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Content-Security-Policy: default-src 'none'; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com a.gwponline.com; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com a.gwponline.com; img-src 'self' ws1.postescanada-canadapost.ca a.gwponline.com; script-src 'self' a.gwponline.com; connect-src 'self' ws1.postescanada-canadapost.ca; media-src a.gwponline.com
    Referrer-Policy: same-origin
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-Permitted-Cross-Domain-Policies: none
    X-XSS-Protection: 1; mode=block
	handlers:
	- url: /(.*\.html)
	static_files: public/\1
	upload: public/(.*\.html)
	mime_type: text/html; charset=UTF-8
	secure: always
	expiration: "0d 3m"
	http_headers:
	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
	Content-Security-Policy: default-src 'none'; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com a.gwponline.com; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com a.gwponline.com; img-src 'self' ws1.postescanada-canadapost.ca a.gwponline.com; script-src 'self' a.gwponline.com; connect-src 'self' ws1.postescanada-canadapost.ca; media-src a.gwponline.com
	Referrer-Policy: same-origin
	X-Content-Type-Options: nosniff
	X-Frame-Options: deny
	X-Permitted-Cross-Domain-Policies: none
	X-XSS-Protection: 1; mode=block