From 083351b990596508e594843ede5ab74290e6f1ac Mon Sep 17 00:00:00 2001
From: Franck Nijhof <frenck@frenck.nl>
Date: Mon, 7 Oct 2019 18:54:55 +0200
Subject: [PATCH] Add Netlify header control to improve CouldFlare caching
 behavior (#10628)

* Add Netlify header control to improve CouldFlare caching behavior

* Add security headers

* Add old school cache busting to Jekyll css/js

* Add a little browser cache to assets to improve speed of pages
---
 _config.yml                               |  3 ++-
 source/_headers                           | 20 ++++++++++++++++++++
 source/_includes/javascripts/scripts.html |  2 +-
 source/_includes/site/head.html           |  4 ++--
 4 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 source/_headers

diff --git a/_config.yml b/_config.yml
index 1fcd8b3c3e8..992531cb00f 100644
--- a/_config.yml
+++ b/_config.yml
@@ -134,5 +134,6 @@ defaults:
 
 # Support for files Jekyll will normally exclude
 include:
-  - ".well-known"
+  - "_headers"
   - "_redirects"
+  - ".well-known"
diff --git a/source/_headers b/source/_headers
new file mode 100644
index 00000000000..fc8bb7936c7
--- /dev/null
+++ b/source/_headers
@@ -0,0 +1,20 @@
+/*
+  Cache-Control: public, max-age: 0, s-max-age=3600, must-revalidate
+  Content-Security-Policy: form-action https:
+  Feature-Policy: vibrate 'none'; geolocation 'none'; midi 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; payment 'none'
+  Referrer-Policy: strict-origin-when-cross-origin
+  X-Content-Type-Options: nosniff
+  X-Frame-Options: DENY
+  X-XSS-Protection: 1; mode=block
+/*.css
+  Cache-Control: public, max-age: 604800, s-max-age=604800
+/*.js
+  Cache-Control: public, max-age: 604800, s-max-age=604800
+/assets/*
+  Cache-Control: public, max-age: 0, s-max-age=604800, must-revalidate
+/fonts/*
+  Cache-Control: public, max-age: 1800, s-max-age=604800, must-revalidate
+/images/*
+  Cache-Control: public, max-age: 1800, s-max-age=604800, must-revalidate
+/static/*
+  Cache-Control: public, max-age: 1800, s-max-age=604800, must-revalidate
diff --git a/source/_includes/javascripts/scripts.html b/source/_includes/javascripts/scripts.html
index 5f7df97cef5..4330401c789 100644
--- a/source/_includes/javascripts/scripts.html
+++ b/source/_includes/javascripts/scripts.html
@@ -5,7 +5,7 @@ g.src=('https:'==location.protocol?'//ssl':'//www')+'.google-analytics.com/ga.js
 s.parentNode.insertBefore(g,s)}(document,'script'));
 </script>
 
-<script type="text/javascript" src="/javascripts/prism.js"></script>
+<script src="/javascripts/prism.js?{{ site.time | date: '%s' }}" type="text/javascript"></script>
 
 <link rel="stylesheet" href="https://cdn.jsdelivr.net/docsearch.js/2/docsearch.min.css" />
 <script type="text/javascript" src="https://cdn.jsdelivr.net/docsearch.js/2/docsearch.min.js"></script>
diff --git a/source/_includes/site/head.html b/source/_includes/site/head.html
index be4531fca06..35b140ccf88 100644
--- a/source/_includes/site/head.html
+++ b/source/_includes/site/head.html
@@ -28,8 +28,8 @@
     <meta name="twitter:description" content="{{ page.description | default: site.description | strip_html | truncate: 200 }}">
     <meta name="twitter:image" content="{{ page.og_image | default: "/images/default-social.png" | prepend: site.url }}">
 
-    <link href="/stylesheets/prism.css" rel="stylesheet">
-    <link href="/stylesheets/screen.css" media="screen, projection, print" rel="stylesheet">
+        <link href="/stylesheets/prism.css?{{ site.time | date: '%s' }}" rel="stylesheet">
+        <link href="/stylesheets/screen.css?{{ site.time | date: '%s' }}" media="screen, projection, print" rel="stylesheet">
     <link href="{{ site.subscribe_rss }}" rel="alternate" title="{{ site.title }}" type="application/atom+xml">
     <link rel='shortcut icon' href='/images/favicon.ico' />
     <link rel='icon' type='image/png' href='/images/favicon-192x192.png' sizes='192x192' />