[build]
  command = "npm run build"
  publish = "dist"

[build.environment]
  NODE_VERSION = "18"
  VITE_SUPABASE_URL = "https://bsjlbnyslxzsdwxvkaap.supabase.co"
  VITE_RESEND_API_KEY = "GEoM_cVt4qyBFVkngJWi8wBrMWOiPMUAuxuFGykcP0A"
  VITE_APP_URL = "https://historiasmagicas.netlify.app/"
  SECRETS_SCAN_OMIT_KEYS = "SUPABASE_ANON_KEY"

[[redirects]]
  from = "/*"
  to = "/index.html"
  status = 200

[[headers]]
  for = "/*"
  [headers.values]
    X-Frame-Options = "DENY"
    X-XSS-Protection = "1; mode=block"
    X-Content-Type-Options = "nosniff"
    Referrer-Policy = "strict-origin-when-cross-origin"
    Cross-Origin-Embedder-Policy = "credentialless"
    Cross-Origin-Opener-Policy = "same-origin"
    Cross-Origin-Resource-Policy = "cross-origin"
    Content-Security-Policy = """
      default-src 'self';
      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.rudderlabs.com https://www.googletagmanager.com https://*.sentry.io;
      connect-src 'self' https://*.rudderlabs.com https://*.ingest.sentry.io https://*.supabase.co https://www.google-analytics.com;
      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
      img-src 'self' data: https: blob:;
      font-src 'self' data: https://fonts.gstatic.com;
      frame-src 'self' https://www.googletagmanager.com;
      worker-src 'self' blob:;
    """
    Access-Control-Allow-Origin = "https://historiasmagicas.netlify.app"
    Access-Control-Allow-Methods = "GET, POST, PUT, DELETE, OPTIONS"
    Access-Control-Allow-Headers = """
      Authorization,
      Content-Type,
      Accept,
      Origin,
      User-Agent,
      DNT,
      Cache-Control,
      X-Mx-ReqToken,
      Keep-Alive,
      X-Requested-With,
      If-Modified-Since
    """
    Access-Control-Max-Age = "3600"

[dev]
  command = "npm run dev"
  port = 5173
  publish = "dist"

[functions]
  node_bundler = "esbuild"