firebase.json

{
  "hosting": {
    "public": "dist",
    "ignore": ["firebase.json", "**/.*", "**/node_modules/**"],
    "headers": [
      /**
       * Security headers
       **/
      {
        "source": "/",
        "headers": [
          /**
           * The default-src CSP directive is set to 'self' instead of 'none' because of a bug on Firefox.
           * This bug blocks SVGs embed in <use> tags.
           **/
          {
            "key": "Content-Security-Policy",
            "value": "default-src 'self'; base-uri 'self'; frame-ancestors 'none'; img-src 'self' *.ecoindex.fr;"
          },
          {
            "key": "Referrer-Policy",
            "value": "default, strict-origin-when-cross-origin"
          },
          {
            "key": "X-Frame-Options",
            "value": "deny"
          },
          {
            "key": "X-XSS-Protection",
            "value": "1; mode=block"
          }
        ]
      },
      {
        "source": "**",
        "headers": [
          {
            "key": "X-Content-Type-Options",
            "value": "nosniff"
          }
        ]
      },
      /**
       * Cache-Control headers for static files
       * @see {@link https://github.com/h5bp/html5-boilerplate/blob/master/dist/.htaccess}
       **/
      {
        "source": "**/*.@(css|js)",
        "headers": [
          {
            "key": "Cache-Control",
            "value": "public, max-age=31536000"
          }
        ]
      },
      {
        "source": "**/*.@(jpg|png|svg|webp|woff|woff2)",
        "headers": [
          {
            "key": "Cache-Control",
            "value": "public, max-age=2592000"
          }
        ]
      }
    ],
    "rewrites": [
      {
        "source": "**",
        "destination": "/index.html"
      }
    ]
  }
}