[build]
  base = "/"
  command = "pnpm run build"
  functions = "packages/functions/src"
  publish = "packages/web/dist"

[dev]
  framework = "#custom"
  command = "npm run --prefix packages/web dev:full"
  targetPort = 5173
  port = 8888
  functionsPort = 9999
  autoLaunch = false

[[redirects]]
  from = "/oauth-client-metadata.json"
  to = "/.netlify/functions/client-metadata"
  status = 200

[[redirects]]
  from = "/oauth/callback"
  to = "/.netlify/functions/oauth-callback"
  status = 200

[[headers]]
  for = "/oauth-client-metadata.json"
  [headers.values]
    Access-Control-Allow-Origin = "*"
    Cache-Control = "public, max-age=3600"

[[headers]]
    for = "/.well-known/*"
    [headers.values]
    Access-Control-Allow-Origin = "*"

[[headers]]
    for = "/*"
    [headers.values]
    X-Frame-Options = "DENY"
    X-Content-Type-Options = "nosniff"
    X-XSS-Protection = "1; mode=block"
    Referrer-Policy = "strict-origin-when-cross-origin"
    Permissions-Policy = "geolocation=(), microphone=(), camera=()"
    Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https://*.bsky.app https://*.bsky.network https://public.api.bsky.app; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests;"