Skip to content

Instantly share code, notes, and snippets.

@softplus
Last active Apr 17, 2021
Embed
What would you like to do?
Sample firebase.json configuration with common security & caching headers
{
"hosting": {
"public": "public",
"ignore": [
"firebase.json",
"**/.*",
"**/node_modules/**"
],
"headers": [ {
"source": "**/*.@(eot|otf|ttf|ttc|woff|font.css|woff2)",
"headers": [ {
"key": "Access-Control-Allow-Origin",
"value": "*"
} ]
}, {
"source": "**/*.@(jpg|jpeg|gif|png|webp|ttf|woff|woff2|ico|zip)",
"headers": [ {
"key": "Cache-Control",
"value": "max-age=604800"
} ]
}, {
"source": "**/*.@(css|js|json)",
"headers": [ {
"key": "Cache-Control",
"value": "max-age=604800"
} ]
}, {
"source": "404.html",
"headers": [ {
"key": "Cache-Control",
"value": "max-age=604800"
} ]
},
{
"source": "**",
"headers": [ {
"key": "X-Content-Type-Options",
"value": "nosniff"
}, {
"key": "X-Frame-Options",
"value": "SAMEORIGIN"
}, {
"key": "X-XSS-Protection",
"value": "1; mode=block"
}, {
"key": "Content-Security-Policy",
"value": "default-src 'self'; child-src 'none'; script-src https://cdnjs.cloudflare.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
}, {
"key": "Referrer-Policy",
"value": "origin-when-cross-origin"
}
]
} ]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment