From 84d58ce47843e8b8363a855040c0b785bd3ea999 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Thu, 7 Apr 2022 11:49:44 +0800 Subject: [PATCH 01/47] Update build.sh --- build.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/build.sh b/build.sh index d5609b9..98d53a4 100644 --- a/build.sh +++ b/build.sh @@ -3,7 +3,7 @@ ################################################ # Check repo is running on isomer v2 template. # ################################################ -if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" /opt/build/repo/_config.yml; then +if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" _config.yml; then echo "$1 is not on isomerpages/isomerpages-template@next-gen" exit 1 fi @@ -11,12 +11,12 @@ fi ################################################################# # Override netlify.toml with centrally-hosted netlify.toml file # ################################################################# -curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/netlify.toml -o /opt/build/repo/netlify.toml +curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/netlify.toml -o netlify.toml ################################################################### # Obtain config override file to enforce plugins and remote theme # ################################################################### -curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o /opt/build/repo/_config-override.yml +curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml ##################################################### # Delete custom plugins from _plugins folder if any # 
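Review bot: The rewritten `curl … -o netlify.toml` and `curl … -o _config-override.yml` lines in the second hunk never check that the download succeeded: there is no `--fail`, no exit-status test, and no `set -e` is visible in these hunks. Without `--fail` an HTTP error body is saved as if it were the config. If the transfer fails outright the output file may be left untouched, so a `_config-override.yml` already committed in the site repo would be the one handed to `jekyll build`, and the plugin and theme enforcement fails open. I would write each download as `curl -fsSL <url> -o _config-override.yml || exit 1`, and do the same for the two Gemfile downloads in the next hunk. Now that the paths are relative, the script also depends on being started from the repo root; an explicit `cd` near the top (outside these hunks) would pin that down.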
@@ -28,10 +28,10 @@ rm -rf _plugins # The Gemfile can either reference isomer-jekyll # # or github-pages # ################################################## -curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-github-pages -o /opt/build/repo/Gemfile-github-pages -curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-isomer-jekyll -o /opt/build/repo/Gemfile-isomer-jekyll -diff_line_count_github_pages_gemfile=$(diff --ignore-space-change /opt/build/repo/Gemfile /opt/build/repo/Gemfile-github-pages | wc -l) -diff_line_count_isomer_jekyll_gemfile=$(diff --ignore-space-change /opt/build/repo/Gemfile /opt/build/repo/Gemfile-isomer-jekyll | wc -l) +curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-github-pages -o Gemfile-github-pages +curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-isomer-jekyll -o Gemfile-isomer-jekyll +diff_line_count_github_pages_gemfile=$(diff --ignore-space-change Gemfile Gemfile-github-pages | wc -l) +diff_line_count_isomer_jekyll_gemfile=$(diff --ignore-space-change Gemfile Gemfile-isomer-jekyll | wc -l) if (( diff_line_count_github_pages_gemfile > 0 && diff_line_count_isomer_jekyll_gemfile > 0 )); then echo "Gemfile was tampered with" exit 1 @@ -54,4 +54,4 @@ while getopts "e:" opt; do done # netlify build -JEKYLL_ENV=$env git lfs install && jekyll build --config _config.yml",$var",/opt/build/repo/_config-override.yml +JEKYLL_ENV=$env git lfs install && jekyll build --config _config.yml",$var",_config-override.yml From 9fd3d6aef129d9a59a435bab90f027e203efcdce Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Thu, 7 Apr 2022 11:53:49 +0800 Subject: [PATCH 02/47] Update build.sh --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 98d53a4..8fc22c3 100644 --- a/build.sh +++ b/build.sh 
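Review bot: The tamper check built on the new `diff --ignore-space-change Gemfile Gemfile-github-pages | wc -l` lines fails open. When a reference Gemfile is missing, for example because the preceding `curl` wrote nothing, `diff` reports the problem on stderr and prints nothing on stdout, so the count is 0 and the `(( … > 0 && … > 0 ))` test treats the Gemfile as matching. Testing diff's exit status instead makes a missing or unreadable reference count as a mismatch: `if ! diff -q --ignore-space-change Gemfile Gemfile-github-pages >/dev/null 2>&1 && ! diff -q --ignore-space-change Gemfile Gemfile-isomer-jekyll >/dev/null 2>&1; then`. The `if` block closes outside the hunk.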
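Review bot: On the new last line of the `@@ -54,4 +54,4 @@` hunk, `JEKYLL_ENV=$env git lfs install && jekyll build …`, the `JEKYLL_ENV=$env` prefix applies only to `git lfs install`. The `jekyll build` after `&&` is a separate command and does not receive it, so the `-e` option parsed by the `getopts` loop has no effect on the build unless the variable is exported elsewhere. Moving the assignment fixes it: `git lfs install && JEKYLL_ENV="$env" jekyll build --config _config.yml",$var",_config-override.yml`. The same form returns in PATCH 04/47, where `git lfs install &&` is re-added in front of `bundle exec jekyll build`.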
@@ -54,4 +54,4 @@ while getopts "e:" opt; do done # netlify build -JEKYLL_ENV=$env git lfs install && jekyll build --config _config.yml",$var",_config-override.yml +JEKYLL_ENV=$env jekyll build --config _config.yml",$var",_config-override.yml From 4d2e5b5f01e213d9b44e33a385587584181705e1 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Thu, 7 Apr 2022 12:02:05 +0800 Subject: [PATCH 03/47] Update build.sh --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 8fc22c3..b6f6490 100644 --- a/build.sh +++ b/build.sh @@ -54,4 +54,4 @@ while getopts "e:" opt; do done # netlify build -JEKYLL_ENV=$env jekyll build --config _config.yml",$var",_config-override.yml +JEKYLL_ENV=$env bundle exec jekyll build --config _config.yml",$var",_config-override.yml From 073cb03a6ba03c6065d02dcddd32c6c489d329ad Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 13 Apr 2022 16:25:13 +0800 Subject: [PATCH 04/47] Update build.sh (#21) Added `git lfs install` back to amplify build. --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index b6f6490..92cbb6b 100644 --- a/build.sh +++ b/build.sh @@ -54,4 +54,4 @@ while getopts "e:" opt; do done # netlify build -JEKYLL_ENV=$env bundle exec jekyll build --config _config.yml",$var",_config-override.yml +JEKYLL_ENV=$env git lfs install && bundle exec jekyll build --config _config.yml",$var",_config-override.yml From 5abf94b6bfa41d1319f9f64a3571ab1c8ffd2688 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Thu, 14 Apr 2022 15:11:22 +0800 Subject: [PATCH 05/47] chore: moved JEKYLL_ENV out of build.sh and into Amplify env vars. --- .gitignore | 1 + build.sh | 13 ++----------- 2 files changed, 3 insertions(+), 11 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..62c8935 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea/ \ No newline at end of file 
diff --git a/build.sh b/build.sh index 92cbb6b..682d2df 100644 --- a/build.sh +++ b/build.sh @@ -44,14 +44,5 @@ fi collections=$(find . -path ./_site -prune -false -o -name collection.yml -type f) var=$(echo $collections | sed 's/ .\//,.\//g') -env='development' -while getopts "e:" opt; do - case $opt in - e) env=$OPTARG ;; - *) echo 'error' >&2 - exit 1 - esac -done - -# netlify build -JEKYLL_ENV=$env git lfs install && bundle exec jekyll build --config _config.yml",$var",_config-override.yml +# Amplify build +git lfs install && bundle exec jekyll build --config _config.yml",$var",_config-override.yml From e4bd394eb8d18ff2d6a9e3fdae98b70e28fbec29 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Tue, 24 May 2022 17:32:04 +0800 Subject: [PATCH 06/47] feat: Install git lfs if available without throwing an error. --- build.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 682d2df..24e3db2 100644 --- a/build.sh +++ b/build.sh @@ -44,5 +44,14 @@ fi collections=$(find . -path ./_site -prune -false -o -name collection.yml -type f) var=$(echo $collections | sed 's/ .\//,.\//g') +################################# +# Install git lfs, if available # +################################# +if git lfs install; then + echo "git lfs installed" +else + echo "git lfs not installed" +fi + # Amplify build -git lfs install && bundle exec jekyll build --config _config.yml",$var",_config-override.yml +bundle exec jekyll build --config _config.yml",$var",_config-override.yml From e6053c070bc2638169751ba24971700a4c46ca9c Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 16:51:02 +0800 Subject: [PATCH 07/47] feat: added customHttp.yml to overrides for Amplify builds. --- build.sh | 5 ++ overrides/customHttp.yml | 122 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 overrides/customHttp.yml diff --git a/build.sh b/build.sh index 24e3db2..dadbd0d 100644 
--- a/build.sh +++ b/build.sh @@ -13,6 +13,11 @@ fi ################################################################# curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/netlify.toml -o netlify.toml +############################################################################### +# Override Amplify's customHttp.yml with centrally-hosted customHttp.yml file # +############################################################################### +curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml + ################################################################### # Obtain config override file to enforce plugins and remote theme # ################################################################### diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml new file mode 100644 index 0000000..429c4e0 --- /dev/null +++ b/overrides/customHttp.yml 
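Review bot: The added `curl …/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml` pulls the file that sets every site's security headers from a branch name, a ref that can move, and nothing verifies the content before it is used. Pinning the URL to a commit, or checking a digest kept in this script, would stop a changed upstream file from reaching builds unreviewed, e.g. `curl -fsSL https://raw.githubusercontent.com/opengovsg/isomer-build/<commit-sha>/overrides/customHttp.yml -o customHttp.yml || exit 1` (the SHA is a placeholder). The new line reads from `amplify` while the neighbouring downloads read from `master`; a comment such as `# customHttp.yml is served from the amplify branch, the other overrides from master` would make that deliberate. The existing `master` downloads share the unpinned-ref problem.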
@@ -0,0 +1,122 @@ +customHeaders: + - pattern: '*' + headers: + - key: X-XSS-Protection + value: 1; mode=block + - key: Referrer-Policy + value: no-referrer + - key: X-Content-Type-Options + value: nosniff + - key: X-Frame-Options + value: deny + - key: Content-Security-Policy + value: |- + default-src + 'self' + ; + script-src + 'self' + blob: + https://assets.dcube.cloud + https://*.wogaa.sg + https://assets.adobedtm.com + https://www.google-analytics.com + https://cdnjs.cloudflare.com + https://va.ecitizen.gov.sg + https://*.cloudfront.net + https://printjs-4de6.kxcdn.com + https://unpkg.com + https://wogadobeanalytics.sc.omtrdc.net + https://connect.facebook.net + https://graph.facebook.com + https://facebook.com + https://www.facebook.com + https://www.googletagmanager.com + https://*.licdn.com + https://webchat.vica.gov.sg + https://vica.gov.sg + https://www.google.com/recaptcha/ + https://www.gstatic.com/recaptcha/ + https://static.zdassets.com + https://ekr.zdassets.com + https://*.zendesk.com + https://*.zopim.com + https://www.instagram.com + wss://*.zendesk.com + wss://*.zopim.com + ; + object-src + 'self' + ; + style-src + 'self' + 'unsafe-inline' + https://fonts.googleapis.com/ + https://*.cloudfront.net + https://va.ecitizen.gov.sg + https://*.wogaa.sg + https://cdnjs.cloudflare.com + https://datagovsg.github.io + https://webchat.vica.gov.sg + https://vica.gov.sg + https://unpkg.com + ; + img-src + * + ; + media-src + * + ; + frame-src + https://form.gov.sg/ + https://wogaa.demdex.net/ + https://*.youtube.com + https://*.youtube-nocookie.com + https://*.vimeo.com + https://www.google.com + https://checkfirst.gov.sg + https://www.checkfirst.gov.sg + https://docs.google.com + https://nlb.ap.panopto.com + https://www.google.com/recaptcha/ + https://www.gstatic.com/recaptcha/ + https://data.gov.sg + https://calendar.google.com + https://www.facebook.com + https://m.facebook.com/ + https://www.instagram.com + ; + frame-ancestors + 'none' + ; + font-src + * 
+ data: + ; + connect-src + 'self' + https://dpm.demdex.net + https://www.google-analytics.com + https://stats.g.doubleclick.net + https://*.wogaa.sg + https://va.ecitizen.gov.sg + https://ifaqs.flexanswer.com + https://*.cloudfront.net + https://fonts.googleapis.com + https://cdnjs.cloudflare.com + https://wogadobeanalytics.sc.omtrdc.net + https://data.gov.sg + https://api.isomer.gov.sg + https://webchat.vica.gov.sg + https://chat.vica.gov.sg + https://vica.gov.sg + https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com + wss://chat.vica.gov.sg + https://api-vica-ana.vica.gov.sg/api/v1/response-ratings + https://static.zdassets.com + https://ekr.zdassets.com + https://*.zendesk.com + https://*.zopim.com + wss://*.zendesk.com + wss://*.zopim.com + ; From c5e0065aa138d33bc108d4c968c17df5d4046516 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 17:06:50 +0800 Subject: [PATCH 08/47] fix: tweak customHttp.yml to fix Amplify headers. --- overrides/customHttp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 429c4e0..8aa173c 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -1,5 +1,5 @@ customHeaders: - - pattern: '*' + - pattern: '**/*' headers: - key: X-XSS-Protection value: 1; mode=block From 50a5998da1cedb50d1a2eccd4b6436d223535b08 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 17:10:56 +0800 Subject: [PATCH 09/47] fix: tweaked build.sh for customHttp.yml debugging. --- build.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.sh b/build.sh index dadbd0d..0a91175 100644 --- a/build.sh +++ b/build.sh 
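Review bot: The `script-src` list in the new Content-Security-Policy allows `https://unpkg.com`, `https://cdnjs.cloudflare.com` and `https://*.cloudfront.net`, hosts that serve content published by arbitrary third parties, so any script hosted there satisfies the policy and the allowlist gives little protection against injected script tags. Narrowing these entries to the exact paths or distributions the template loads would tighten it, as would `object-src 'none'` in place of `'self'`. No `base-uri` or `form-action` directive is present, and neither falls back to `default-src`; adding `base-uri 'self'` closes that gap. `style-src` carries `'unsafe-inline'` and `X-XSS-Protection: 1; mode=block` is honoured only by legacy browsers, so both deserve a comment in the file saying why they are kept. The same source lists are re-added in PATCH 18/47.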
@@ -17,6 +17,8 @@ curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/n # Override Amplify's customHttp.yml with centrally-hosted customHttp.yml file # ############################################################################### curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml +# debug customHttp.yml +cat customHttp.yml ################################################################### # Obtain config override file to enforce plugins and remote theme # From 51a29d0a0b56f4f84edf4cdd1d03b3c31e7fce37 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 17:28:24 +0800 Subject: [PATCH 10/47] fix: attempt to fix customHttp.yml --- overrides/customHttp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 8aa173c..54bd52c 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -10,7 +10,7 @@ customHeaders: - key: X-Frame-Options value: deny - key: Content-Security-Policy - value: |- + value: |-10 default-src 'self' ; From af6c4ee089d281f4c829884c8ca9fbc596e0b841 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 17:31:27 +0800 Subject: [PATCH 11/47] Update customHttp.yml --- overrides/customHttp.yml | 108 +-------------------------------------- 1 file changed, 1 insertion(+), 107 deletions(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 54bd52c..ad85776 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml 
@@ -10,113 +10,7 @@ customHeaders: - key: X-Frame-Options value: deny - key: Content-Security-Policy - value: |-10 + value: |- default-src 'self' ; - script-src - 'self' - blob: - https://assets.dcube.cloud - https://*.wogaa.sg - https://assets.adobedtm.com - https://www.google-analytics.com - https://cdnjs.cloudflare.com - https://va.ecitizen.gov.sg - https://*.cloudfront.net - https://printjs-4de6.kxcdn.com - https://unpkg.com - https://wogadobeanalytics.sc.omtrdc.net - https://connect.facebook.net - https://graph.facebook.com - https://facebook.com - https://www.facebook.com - https://www.googletagmanager.com - https://*.licdn.com - https://webchat.vica.gov.sg - https://vica.gov.sg - https://www.google.com/recaptcha/ - https://www.gstatic.com/recaptcha/ - https://static.zdassets.com - https://ekr.zdassets.com - https://*.zendesk.com - https://*.zopim.com - https://www.instagram.com - wss://*.zendesk.com - wss://*.zopim.com - ; - object-src - 'self' - ; - style-src - 'self' - 'unsafe-inline' - https://fonts.googleapis.com/ - https://*.cloudfront.net - https://va.ecitizen.gov.sg - https://*.wogaa.sg - https://cdnjs.cloudflare.com - https://datagovsg.github.io - https://webchat.vica.gov.sg - https://vica.gov.sg - https://unpkg.com - ; - img-src - * - ; - media-src - * - ; - frame-src - https://form.gov.sg/ - https://wogaa.demdex.net/ - https://*.youtube.com - https://*.youtube-nocookie.com - https://*.vimeo.com - https://www.google.com - https://checkfirst.gov.sg - https://www.checkfirst.gov.sg - https://docs.google.com - https://nlb.ap.panopto.com - https://www.google.com/recaptcha/ - https://www.gstatic.com/recaptcha/ - https://data.gov.sg - https://calendar.google.com - https://www.facebook.com - https://m.facebook.com/ - https://www.instagram.com - ; - frame-ancestors - 'none' - ; - font-src - * - data: - ; - connect-src - 'self' - https://dpm.demdex.net - https://www.google-analytics.com - https://stats.g.doubleclick.net - https://*.wogaa.sg - 
https://va.ecitizen.gov.sg - https://ifaqs.flexanswer.com - https://*.cloudfront.net - https://fonts.googleapis.com - https://cdnjs.cloudflare.com - https://wogadobeanalytics.sc.omtrdc.net - https://data.gov.sg - https://api.isomer.gov.sg - https://webchat.vica.gov.sg - https://chat.vica.gov.sg - https://vica.gov.sg - https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com - wss://chat.vica.gov.sg - https://api-vica-ana.vica.gov.sg/api/v1/response-ratings - https://static.zdassets.com - https://ekr.zdassets.com - https://*.zendesk.com - https://*.zopim.com - wss://*.zendesk.com - wss://*.zopim.com - ; From df5e764a7363a1bc22deec17690d05f549e4afe8 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 17:42:15 +0800 Subject: [PATCH 12/47] Update customHttp.yml --- overrides/customHttp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index ad85776..386df66 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -10,7 +10,7 @@ customHeaders: - key: X-Frame-Options value: deny - key: Content-Security-Policy - value: |- + value: >- default-src 'self' ; From a9f96d344e5098c8dcf1d79db80d1f8c992cbdf4 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 17:56:38 +0800 Subject: [PATCH 13/47] Update build.sh --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 0a91175..8bd071d 100644 --- a/build.sh +++ b/build.sh 
@@ -16,7 +16,7 @@ curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/n ############################################################################### # Override Amplify's customHttp.yml with centrally-hosted customHttp.yml file # ############################################################################### -curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml +# curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml # debug customHttp.yml cat customHttp.yml From f6b6e0fe2d4df446b346ab402b1a3f6455ea1a97 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Wed, 25 May 2022 19:15:35 +0800 Subject: [PATCH 14/47] fix: removed netlify.toml and customHttp.yml --- build.sh | 12 ---- netlify.toml | 125 --------------------------------------- overrides/customHttp.yml | 16 ----- overrides/netlify.toml | 125 --------------------------------------- 4 files changed, 278 deletions(-) delete mode 100644 netlify.toml delete mode 100644 overrides/customHttp.yml delete mode 100644 overrides/netlify.toml diff --git a/build.sh b/build.sh index 8bd071d..34bdd76 100644 --- a/build.sh +++ b/build.sh 
@@ -8,18 +8,6 @@ if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" _config exit 1 fi -################################################################# -# Override netlify.toml with centrally-hosted netlify.toml file # -################################################################# -curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/netlify.toml -o netlify.toml - -############################################################################### -# Override Amplify's customHttp.yml with centrally-hosted customHttp.yml file # -############################################################################### -# curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml -# debug customHttp.yml -cat customHttp.yml - ################################################################### # Obtain config override file to enforce plugins and remote theme # ################################################################### diff --git a/netlify.toml b/netlify.toml deleted file mode 100644 index 68b8cae..0000000 --- a/netlify.toml +++ /dev/null 
@@ -1,125 +0,0 @@ -[build.processing] - skip_processing = false -[build.processing.css] - bundle = true - minify = true -[build.processing.js] - bundle = true - minify = true -[build.processing.html] - pretty_urls = true -[build.processing.images] - compress = true -[[headers]] - for = "/*" - [headers.values] - X-XSS-Protection = "1; mode=block" - Referrer-Policy = "no-referrer" - X-Content-Type-Options = "nosniff" - X-Frame-Options = "deny" - Content-Security-Policy = """ - default-src - 'self' - ; - script-src - 'self' - blob: - https://assets.dcube.cloud - https://*.wogaa.sg - https://assets.adobedtm.com - https://www.google-analytics.com - https://cdnjs.cloudflare.com - https://va.ecitizen.gov.sg - https://*.cloudfront.net - https://printjs-4de6.kxcdn.com - https://unpkg.com - https://wogadobeanalytics.sc.omtrdc.net - https://connect.facebook.net - https://graph.facebook.com - https://facebook.com - https://www.facebook.com - https://www.googletagmanager.com - https://*.licdn.com - https://webchat.vica.gov.sg - https://vica.gov.sg - https://www.google.com/recaptcha/ - https://www.gstatic.com/recaptcha/ - https://static.zdassets.com - https://ekr.zdassets.com - https://*.zendesk.com - https://*.zopim.com - wss://*.zendesk.com - wss://*.zopim.com - ; - object-src - 'self' - ; - style-src - 'self' - 'unsafe-inline' - https://fonts.googleapis.com/ - https://*.cloudfront.net - https://va.ecitizen.gov.sg - https://*.wogaa.sg - https://cdnjs.cloudflare.com - https://datagovsg.github.io - https://webchat.vica.gov.sg - https://vica.gov.sg - https://unpkg.com - ; - img-src - * - ; - media-src - * - ; - frame-src - https://form.gov.sg/ - https://wogaa.demdex.net/ - https://*.youtube.com - https://*.youtube-nocookie.com - https://*.vimeo.com - https://www.google.com - https://checkfirst.gov.sg - https://www.checkfirst.gov.sg - https://docs.google.com - https://nlb.ap.panopto.com - https://www.google.com/recaptcha/ - https://www.gstatic.com/recaptcha/ - https://data.gov.sg 
- ; - frame-ancestors - 'none' - ; - font-src - * - data: - ; - connect-src - 'self' - https://dpm.demdex.net - https://www.google-analytics.com - https://stats.g.doubleclick.net - https://*.wogaa.sg - https://va.ecitizen.gov.sg - https://ifaqs.flexanswer.com - https://*.cloudfront.net - https://fonts.googleapis.com - https://cdnjs.cloudflare.com - https://wogadobeanalytics.sc.omtrdc.net - https://data.gov.sg - https://api.isomer.gov.sg - https://webchat.vica.gov.sg - https://chat.vica.gov.sg - https://vica.gov.sg - https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com - wss://chat.vica.gov.sg - https://api-vica-ana.vica.gov.sg/api/v1/response-ratings - https://static.zdassets.com - https://ekr.zdassets.com - https://*.zendesk.com - https://*.zopim.com - wss://*.zendesk.com - wss://*.zopim.com - ; - """ diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml deleted file mode 100644 index 386df66..0000000 --- a/overrides/customHttp.yml +++ /dev/null @@ -1,16 +0,0 @@ -customHeaders: - - pattern: '**/*' - headers: - - key: X-XSS-Protection - value: 1; mode=block - - key: Referrer-Policy - value: no-referrer - - key: X-Content-Type-Options - value: nosniff - - key: X-Frame-Options - value: deny - - key: Content-Security-Policy - value: >- - default-src - 'self' - ; diff --git a/overrides/netlify.toml b/overrides/netlify.toml deleted file mode 100644 index 68b8cae..0000000 --- a/overrides/netlify.toml +++ /dev/null 
@@ -1,125 +0,0 @@ -[build.processing] - skip_processing = false -[build.processing.css] - bundle = true - minify = true -[build.processing.js] - bundle = true - minify = true -[build.processing.html] - pretty_urls = true -[build.processing.images] - compress = true -[[headers]] - for = "/*" - [headers.values] - X-XSS-Protection = "1; mode=block" - Referrer-Policy = "no-referrer" - X-Content-Type-Options = "nosniff" - X-Frame-Options = "deny" - Content-Security-Policy = """ - default-src - 'self' - ; - script-src - 'self' - blob: - https://assets.dcube.cloud - https://*.wogaa.sg - https://assets.adobedtm.com - https://www.google-analytics.com - https://cdnjs.cloudflare.com - https://va.ecitizen.gov.sg - https://*.cloudfront.net - https://printjs-4de6.kxcdn.com - https://unpkg.com - https://wogadobeanalytics.sc.omtrdc.net - https://connect.facebook.net - https://graph.facebook.com - https://facebook.com - https://www.facebook.com - https://www.googletagmanager.com - https://*.licdn.com - https://webchat.vica.gov.sg - https://vica.gov.sg - https://www.google.com/recaptcha/ - https://www.gstatic.com/recaptcha/ - https://static.zdassets.com - https://ekr.zdassets.com - https://*.zendesk.com - https://*.zopim.com - wss://*.zendesk.com - wss://*.zopim.com - ; - object-src - 'self' - ; - style-src - 'self' - 'unsafe-inline' - https://fonts.googleapis.com/ - https://*.cloudfront.net - https://va.ecitizen.gov.sg - https://*.wogaa.sg - https://cdnjs.cloudflare.com - https://datagovsg.github.io - https://webchat.vica.gov.sg - https://vica.gov.sg - https://unpkg.com - ; - img-src - * - ; - media-src - * - ; - frame-src - https://form.gov.sg/ - https://wogaa.demdex.net/ - https://*.youtube.com - https://*.youtube-nocookie.com - https://*.vimeo.com - https://www.google.com - https://checkfirst.gov.sg - https://www.checkfirst.gov.sg - https://docs.google.com - https://nlb.ap.panopto.com - https://www.google.com/recaptcha/ - https://www.gstatic.com/recaptcha/ - https://data.gov.sg 
- ; - frame-ancestors - 'none' - ; - font-src - * - data: - ; - connect-src - 'self' - https://dpm.demdex.net - https://www.google-analytics.com - https://stats.g.doubleclick.net - https://*.wogaa.sg - https://va.ecitizen.gov.sg - https://ifaqs.flexanswer.com - https://*.cloudfront.net - https://fonts.googleapis.com - https://cdnjs.cloudflare.com - https://wogadobeanalytics.sc.omtrdc.net - https://data.gov.sg - https://api.isomer.gov.sg - https://webchat.vica.gov.sg - https://chat.vica.gov.sg - https://vica.gov.sg - https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com - wss://chat.vica.gov.sg - https://api-vica-ana.vica.gov.sg/api/v1/response-ratings - https://static.zdassets.com - https://ekr.zdassets.com - https://*.zendesk.com - https://*.zopim.com - wss://*.zendesk.com - wss://*.zopim.com - ; - """ From 1ba63d95f1739be6639d99d4256bdadeab68c9f2 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Thu, 26 May 2022 13:57:11 +0800 Subject: [PATCH 15/47] chore: find a tool that can parse and write yml files. --- build.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/build.sh b/build.sh index 34bdd76..5ccd697 100644 --- a/build.sh +++ b/build.sh @@ -13,6 +13,12 @@ fi ################################################################### curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml +# debug find a tool that can parse and write yml files +which node +which python +which python3 +which yq + ##################################################### # Delete custom plugins from _plugins folder if any # ##################################################### From 9ba0e50456fa2598251dcc74b80ae495621fe002 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Thu, 26 May 2022 14:10:39 +0800 Subject: [PATCH 16/47] chore: try to install yq --- build.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/build.sh b/build.sh index 5ccd697..7804359 100644 --- a/build.sh 
+++ b/build.sh @@ -14,10 +14,9 @@ fi curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml # debug find a tool that can parse and write yml files -which node -which python -which python3 -which yq +yum -y install yq +yum -y install yq + ##################################################### # Delete custom plugins from _plugins folder if any # From 68969aaa0a795b44b61ba32f02dbb596ce70846f Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Thu, 26 May 2022 14:16:15 +0800 Subject: [PATCH 17/47] chore: try other ways to install yq. --- build.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index 7804359..b5be203 100644 --- a/build.sh +++ b/build.sh @@ -14,8 +14,12 @@ fi curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml # debug find a tool that can parse and write yml files -yum -y install yq -yum -y install yq +sudo yum -y install yq +sudo yum -y install yq +sudo yum list available | grep yq +sudo yum installed +python --version +python3 --version ##################################################### From 63e5d1293baf0982b75109a02481bfba4a9aa042 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Thu, 26 May 2022 15:43:50 +0800 Subject: [PATCH 18/47] fix: bring back the customHttp.yml override. --- build.sh | 14 ++--- overrides/customHttp.yml | 124 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+), 8 deletions(-) create mode 100644 overrides/customHttp.yml diff --git a/build.sh b/build.sh index b5be203..9c36432 100644 --- a/build.sh +++ b/build.sh 
@@ -8,19 +8,17 @@ if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" _config exit 1 fi +##################################################################### +# Override customHttp.yml with centrally-hosted customHttp.yml file # +##################################################################### +curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o /opt/build/repo/customHttp.yml + + ################################################################### # Obtain config override file to enforce plugins and remote theme # ################################################################### curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml -# debug find a tool that can parse and write yml files -sudo yum -y install yq -sudo yum -y install yq -sudo yum list available | grep yq -sudo yum installed -python --version -python3 --version - ##################################################### # Delete custom plugins from _plugins folder if any # diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml new file mode 100644 index 0000000..6b02bc8 --- /dev/null +++ b/overrides/customHttp.yml 
@@ -0,0 +1,124 @@ +# Changes to this file should be copied to overrides/netlify.toml in the master branch. +customHeaders: + - pattern: '**/*' + headers: + - key: X-XSS-Protection + value: 1; mode=block + - key: Referrer-Policy + value: no-referrer + - key: X-Content-Type-Options + value: nosniff + - key: X-Frame-Options + value: deny + - key: Content-Security-Policy + # Amplify requires all lines in a multi-line string to have the same indentation. + value: >- + default-src + 'self' + ; + script-src + 'self' + blob: + https://assets.dcube.cloud + https://*.wogaa.sg + https://assets.adobedtm.com + https://www.google-analytics.com + https://cdnjs.cloudflare.com + https://va.ecitizen.gov.sg + https://*.cloudfront.net + https://printjs-4de6.kxcdn.com + https://unpkg.com + https://wogadobeanalytics.sc.omtrdc.net + https://connect.facebook.net + https://graph.facebook.com + https://facebook.com + https://www.facebook.com + https://www.googletagmanager.com + https://*.licdn.com + https://webchat.vica.gov.sg + https://vica.gov.sg + https://www.google.com/recaptcha/ + https://www.gstatic.com/recaptcha/ + https://static.zdassets.com + https://ekr.zdassets.com + https://*.zendesk.com + https://*.zopim.com + https://www.instagram.com + wss://*.zendesk.com + wss://*.zopim.com + ; + object-src + 'self' + ; + style-src + 'self' + 'unsafe-inline' + https://fonts.googleapis.com/ + https://*.cloudfront.net + https://va.ecitizen.gov.sg + https://*.wogaa.sg + https://cdnjs.cloudflare.com + https://datagovsg.github.io + https://webchat.vica.gov.sg + https://vica.gov.sg + https://unpkg.com + ; + img-src + * + ; + media-src + * + ; + frame-src + https://form.gov.sg/ + https://wogaa.demdex.net/ + https://*.youtube.com + https://*.youtube-nocookie.com + https://*.vimeo.com + https://www.google.com + https://checkfirst.gov.sg + https://www.checkfirst.gov.sg + https://docs.google.com + https://nlb.ap.panopto.com + https://www.google.com/recaptcha/ + https://www.gstatic.com/recaptcha/ + 
https://data.gov.sg + https://calendar.google.com + https://www.facebook.com + https://m.facebook.com/ + https://www.instagram.com + ; + frame-ancestors + 'none' + ; + font-src + * + data: + ; + connect-src + 'self' + https://dpm.demdex.net + https://www.google-analytics.com + https://stats.g.doubleclick.net + https://*.wogaa.sg + https://va.ecitizen.gov.sg + https://ifaqs.flexanswer.com + https://*.cloudfront.net + https://fonts.googleapis.com + https://cdnjs.cloudflare.com + https://wogadobeanalytics.sc.omtrdc.net + https://data.gov.sg + https://api.isomer.gov.sg + https://webchat.vica.gov.sg + https://chat.vica.gov.sg + https://vica.gov.sg + https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com + wss://chat.vica.gov.sg + https://api-vica-ana.vica.gov.sg/api/v1/response-ratings + https://static.zdassets.com + https://ekr.zdassets.com + https://*.zendesk.com + https://*.zopim.com + wss://*.zendesk.com + wss://*.zopim.com + ; From 356ea0a82c1b82c320648f0c21fb11562c610509 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Thu, 26 May 2022 15:53:40 +0800 Subject: [PATCH 19/47] fix: write customHttp.yml to the correct location. --- build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.sh b/build.sh index 9c36432..3a6baf7 100644 --- a/build.sh +++ b/build.sh @@ -11,7 +11,7 @@ fi ##################################################################### # Override customHttp.yml with centrally-hosted customHttp.yml file # ##################################################################### -curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o /opt/build/repo/customHttp.yml +curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml ################################################################### From 84dff7a84e400a252dbd38d021f674d16e4c02de Mon Sep 17 00:00:00 2001 
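Review bot: The `script-src` list in the new Content-Security-Policy allows whole shared hosting origins such as `https://*.cloudfront.net` and `https://unpkg.com`, where third parties can publish their own files, so the allowlist offers little protection against an injected script tag that points at those hosts. Narrowing these to the specific distribution hostnames or package paths the sites actually load would keep the list meaningful. The policy also sets no `base-uri` or `form-action`, and neither falls back to `default-src`; adding `base-uri 'self' ;` and a `form-action` list covering the form endpoints the sites post to would close that gap. `X-XSS-Protection: 1; mode=block` is ignored by current browsers and can be dropped or set to `0`.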
From: "Richard C. Davis" Date: Fri, 27 May 2022 10:48:01 +0800 Subject: [PATCH 20/47] feat: add Strict-Transport-Security header. --- overrides/customHttp.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 6b02bc8..ba22c2c 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -10,6 +10,8 @@ customHeaders: value: nosniff - key: X-Frame-Options value: deny + - key: Strict-Transport-Security + value: max-age=31536000; includeSubDomains; preload - key: Content-Security-Policy # Amplify requires all lines in a multi-line string to have the same indentation. value: >- From c4ad06c943db04782ce218a6e5f05260d079e738 Mon Sep 17 00:00:00 2001 From: "Richard C. Davis" Date: Fri, 27 May 2022 10:58:04 +0800 Subject: [PATCH 21/47] chore: Added comment to cuttomHttp.yml's Strict-Transport-Security header. --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index ba22c2c..03395cb 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -11,6 +11,7 @@ customHeaders: - key: X-Frame-Options value: deny - key: Strict-Transport-Security + # This header is added automatically by Netlify and KeyCDN. value: max-age=31536000; includeSubDomains; preload - key: Content-Security-Policy # Amplify requires all lines in a multi-line string to have the same indentation. From c5022e9588c0b14c523ffa6297a2ecfaf271908c Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Thu, 5 Jan 2023 13:38:00 +0800 Subject: [PATCH 22/47] Update customHttp.yml --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 03395cb..00c7229 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml 
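Review bot: The added `Strict-Transport-Security` value carries `includeSubDomains; preload`, and under the `'**/*'` pattern this central override sends it for every site built from it. That commits every subdomain of each site's host to HTTPS for a year and signals consent to browser preload lists, which is slow to undo. If any site shares a parent domain with hosts that are not HTTPS-ready, `value: max-age=31536000` alone would be the safer default, with the stronger form opted into per domain. The comment added in PATCH 21/47 says Netlify and KeyCDN add this header automatically but not why the Amplify file sets it by hand; a line such as `# Not added automatically on Amplify, so set explicitly here.` would be clearer if that is the reason.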
@@ -84,6 +84,7 @@ customHeaders: https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ + https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com From 120326540d8179c2f5867316b539765cb830a386 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Tue, 17 Jan 2023 11:42:07 +0800 Subject: [PATCH 23/47] Update customHttp.yml --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 00c7229..e008875 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -88,6 +88,7 @@ customHeaders: https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com + https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com From f5cc60a6f184374353044bec050637bc1d1bc1cd Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Fri, 20 Jan 2023 17:37:59 +0800 Subject: [PATCH 24/47] Update customHttp.yml --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index e008875..57d70f3 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -88,6 +88,7 @@ customHeaders: https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com + https://datastudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ From a93711310503c8fbfce2f2823dcf25f6978b4bb5 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Wed, 22 Feb 2023 09:29:17 +0800 Subject: [PATCH 25/47] Feat: add lookerstudio.google.com --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 57d70f3..c244321 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml 
@@ -89,6 +89,7 @@ customHeaders: https://data.gov.sg https://calendar.google.com https://datastudio.google.com + https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ From 985843c39037de65dc297cf6a6c87962928f5803 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Tue, 25 Apr 2023 15:37:46 +0800 Subject: [PATCH 26/47] Feat/add inline script for GTM amplify --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index c244321..5c9283a 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -21,6 +21,7 @@ customHeaders: ; script-src 'self' + 'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' blob: https://assets.dcube.cloud https://*.wogaa.sg From a10e56d1f17f231c1b18a01b0549ca733f480859 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Fri, 26 May 2023 19:27:20 +0800 Subject: [PATCH 27/47] Update customHttp.yml for GTM --- overrides/customHttp.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 5c9283a..79fffc8 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -37,7 +37,7 @@ customHeaders: https://graph.facebook.com https://facebook.com https://www.facebook.com - https://www.googletagmanager.com + https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg @@ -106,7 +106,9 @@ customHeaders: connect-src 'self' https://dpm.demdex.net - https://www.google-analytics.com + https://*.google-analytics.com + https://analytics.google.com + https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg From 59b0b3bbd7a2a2c202caa6d916c13f0316dbd946 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Wed, 14 Jun 2023 16:22:34 +0800 Subject: [PATCH 28/47] Update customHttp.yml --- overrides/customHttp.yml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 79fffc8..e84a167 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -48,6 +48,7 @@ customHeaders: https://*.zendesk.com https://*.zopim.com https://www.instagram.com + https://script.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com ; @@ -66,6 +67,7 @@ customHeaders: https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com + https://script.wiz.gov.sg/widget.css ; img-src * @@ -129,6 +131,7 @@ customHeaders: https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com + https://go.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com ; From 236f02c922d86b2dbd254f9783138b964de615f4 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Fri, 16 Jun 2023 11:36:16 +0800 Subject: [PATCH 29/47] Update customHttp.yml --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index e84a167..4e0cb19 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -97,6 +97,7 @@ customHeaders: https://www.facebook.com https://m.facebook.com/ https://www.instagram.com + https://api.id.gov.sg/ ; frame-ancestors 'none' From b5b4d79dced9f9d7008bf18198c937fbeca506fe Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Mon, 19 Jun 2023 13:48:27 +0800 Subject: [PATCH 30/47] Update customHttp.yml --- overrides/customHttp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 4e0cb19..59156e7 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -132,7 +132,7 @@ customHeaders: https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com - https://go.ask.gov.sg + https://ask.gov.sg wss://*.zendesk.com wss://*.zopim.com ; From 5bba7ed347a5bbaa091a059391e3987fcb2d9caa Mon Sep 17 00:00:00 2001 
From: Alexander Lee Date: Wed, 12 Jul 2023 17:12:48 +0800 Subject: [PATCH 31/47] chore/staging wizgov amplify --- overrides/customHttp.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 59156e7..9473292 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -49,6 +49,7 @@ customHeaders: https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js + https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com ; @@ -68,6 +69,7 @@ customHeaders: https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css + https://script-staging.wiz.gov.sg/widget.css ; img-src * @@ -133,6 +135,7 @@ customHeaders: https://*.zendesk.com https://*.zopim.com https://ask.gov.sg + https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com ; From 5a4c81a70b34e8153d66497031a041edf9b40460 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Thu, 31 Aug 2023 12:49:27 +0800 Subject: [PATCH 32/47] Feat/wogaa amplify (#49) * Update customHttp.yml * Update customHttp.yml * Update customHttp.yml --- overrides/customHttp.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 9473292..1af7b40 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -18,6 +18,7 @@ customHeaders: value: >- default-src 'self' + https://*.dcube.cloud/ ; script-src 'self' @@ -52,6 +53,7 @@ customHeaders: https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com + https://*.dcube.cloud/ ; object-src 'self' @@ -70,6 +72,7 @@ customHeaders: https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css + https://assets.dcube.cloud/ ; img-src * @@ -138,4 +141,5 @@ customHeaders: https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com + https://*.dcube.cloud/ ; From b4bb1750d79cdc237ebe475532ff11847db638b7 Mon Sep 17 00:00:00 2001 
From: Alexander Lee Date: Wed, 6 Sep 2023 21:24:24 +0800 Subject: [PATCH 33/47] Update customHttp.yml (#51) --- overrides/customHttp.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 1af7b40..b107b6f 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -54,6 +54,7 @@ customHeaders: wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ + https://console-flex-api.ap.sabio.cloud ; object-src 'self' @@ -73,6 +74,7 @@ customHeaders: https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ + https://console-flex-api.ap.sabio.cloud ; img-src * @@ -142,4 +144,5 @@ customHeaders: wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ + https://console-flex-api.ap.sabio.cloud ; From b7d3a894c31e7119e2a7b08d25aebc853b2c760e Mon Sep 17 00:00:00 2001 From: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Date: Wed, 13 Sep 2023 16:42:15 +0800 Subject: [PATCH 34/47] feat(sass): compress SASS styles (#52) --- overrides/_config-override.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/overrides/_config-override.yml b/overrides/_config-override.yml index 3620089..6bba632 100644 --- a/overrides/_config-override.yml +++ b/overrides/_config-override.yml @@ -8,4 +8,6 @@ plugins: # Approved remote_theme remote_theme: isomerpages/isomerpages-template@next-gen -safe: false \ No newline at end of file +safe: false +sass: + style: compressed From 7fe2090a31dbfc09225862cbf3bfb04f6aac98f3 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Mon, 20 Nov 2023 15:13:51 +0800 Subject: [PATCH 35/47] Update customHttp.yml (#54) --- overrides/customHttp.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index b107b6f..7243673 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml 
@@ -55,6 +55,8 @@ customHeaders: wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud + https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js + https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; object-src 'self' @@ -75,6 +77,7 @@ customHeaders: https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud + https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * @@ -145,4 +148,5 @@ customHeaders: wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud + https://1v7dzgzjkk-1.algolianet.com/ ; From 1cd7e372d21d88ad9745c45509fb2be481df6de3 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Wed, 17 Jan 2024 14:14:47 +0800 Subject: [PATCH 36/47] chore/amplify authmiddleware.ap.sabio.cloud (#57) --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 7243673..1910303 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -148,5 +148,6 @@ customHeaders: wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud + https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; From 48564f5a8394f50bdd1d55ab143fb1a9b4eb863e Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Tue, 23 Jan 2024 18:07:03 +0800 Subject: [PATCH 37/47] feat/datagov-api amplify (#59) --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 1910303..53c608c 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -131,6 +131,7 @@ customHeaders: https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg + https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg 
From 02e7f320b3a66b81975c1de354961ae76e2d673d Mon Sep 17 00:00:00 2001 From: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Date: Fri, 16 Feb 2024 14:31:10 +0800 Subject: [PATCH 38/47] Add https://vimeo.com to frame-src (#61) --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 53c608c..062d453 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -91,6 +91,7 @@ customHeaders: https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com + https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg From 470d3e1e1737a443f2cb8ed28c10eb2a538874e7 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Fri, 5 Apr 2024 12:25:35 +0800 Subject: [PATCH 39/47] feat/add script-src for gtm load time (#64) * feat/add script-src for gtm load time * Update customHttp.yml --- overrides/customHttp.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 062d453..1c51c5c 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -22,7 +22,7 @@ customHeaders: ; script-src 'self' - 'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' + 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob: https://assets.dcube.cloud https://*.wogaa.sg @@ -33,6 +33,7 @@ customHeaders: https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com + https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com From 4f34cf5d05d900e9b5f0b9a7955176c95b49ba3c Mon Sep 17 00:00:00 2001 From: Hsu Zhong Jun <27919917+dcshzj@users.noreply.github.com> Date: Wed, 17 Apr 2024 17:55:24 +0800 Subject: [PATCH 40/47] chore: add *.data.gov.sg to frame-src (#65) --- overrides/customHttp.yml | 1 + 1 file changed, 1 insertion(+) 
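Review bot: In PATCH 39/47, the trailing `# Script for GTM tag` on the new hash line sits inside the `value: >-` folded scalar (opened above this hunk), where YAML does not recognise comments, so the text becomes part of the Content-Security-Policy value. The header would then carry `#`, `Script`, `for`, `GTM` and `tag` as extra `script-src` source expressions, which browsers either reject with a console warning or read as host names. Move the explanation to a real comment above `value: >-`, for example `# The sha256 hash in script-src covers the inline GTM tag script.` The added `https://unpkg.com/web-vitals` entry is also redundant while `https://unpkg.com` remains in the list.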
diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 1c51c5c..aa4a944 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -102,6 +102,7 @@ customHeaders: https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg + https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com From 5ecb036a64b1338b9ff83dc4e3bfeb21837296b3 Mon Sep 17 00:00:00 2001 From: Kishore <42832651+kishore03109@users.noreply.github.com> Date: Tue, 23 Apr 2024 11:20:13 +0800 Subject: [PATCH 41/47] fix(algolia): allow for batching to work (#67) * fix(algolia): allow for batching to work * chore(url): rm redundant url * chore(url): remove redundant url --- overrides/customHttp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index aa4a944..03a8181 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -153,5 +153,5 @@ customHeaders: https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud - https://1v7dzgzjkk-1.algolianet.com/ + https://1v7dzgzjkk-*.algolianet.com/ ; From 28b301b00efb698089050ce170f5b35ee9af4cad Mon Sep 17 00:00:00 2001 From: seaerchin <44049504+seaerchin@users.noreply.github.com> Date: Fri, 14 Jun 2024 15:56:32 +0800 Subject: [PATCH 42/47] chore(amplify): lock-deps (#71) * feat: lock-deps * fix: add install on build --- build.sh | 28 ++++++++++++++++++---------- lock-deps.sh | 0 2 files changed, 18 insertions(+), 10 deletions(-) create mode 100644 lock-deps.sh diff --git a/build.sh b/build.sh index 3a6baf7..418e4d2 100644 --- a/build.sh +++ b/build.sh 
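Review bot: In PATCH 41/47, the replacement `https://1v7dzgzjkk-*.algolianet.com/` in `connect-src` is not a valid CSP source expression, because a `*` wildcard is only accepted as the entire leftmost label (as in `*.example.com`), not inside a label. Browsers are expected to ignore the entry, so requests to the Algolia hosts for this application would be blocked rather than allowed. Listing the hosts explicitly keeps the allowlist tied to the one application id, e.g. `https://1v7dzgzjkk-1.algolianet.com https://1v7dzgzjkk-2.algolianet.com https://1v7dzgzjkk-3.algolianet.com`, assuming those are the hosts the search client retries against.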
@@ -1,11 +1,11 @@ -#!/bin/bash +#!/bin/bash ################################################ # Check repo is running on isomer v2 template. # ################################################ if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" _config.yml; then - echo "$1 is not on isomerpages/isomerpages-template@next-gen" - exit 1 + echo "$1 is not on isomerpages/isomerpages-template@next-gen" + exit 1 fi ##################################################################### @@ -13,13 +13,11 @@ fi ##################################################################### curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml - ################################################################### # Obtain config override file to enforce plugins and remote theme # ################################################################### curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml - ##################################################### # Delete custom plugins from _plugins folder if any # ##################################################### @@ -34,9 +32,9 @@ curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/G curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-isomer-jekyll -o Gemfile-isomer-jekyll diff_line_count_github_pages_gemfile=$(diff --ignore-space-change Gemfile Gemfile-github-pages | wc -l) diff_line_count_isomer_jekyll_gemfile=$(diff --ignore-space-change Gemfile Gemfile-isomer-jekyll | wc -l) -if (( diff_line_count_github_pages_gemfile > 0 && diff_line_count_isomer_jekyll_gemfile > 0 )); then - echo "Gemfile was tampered with" - exit 1 +if ((diff_line_count_github_pages_gemfile > 0 && diff_line_count_isomer_jekyll_gemfile > 0)); then + echo "Gemfile was tampered with" + exit 1 fi ############################################################### 
@@ -50,10 +48,20 @@ var=$(echo $collections | sed 's/ .\//,.\//g') # Install git lfs, if available # ################################# if git lfs install; then - echo "git lfs installed" + echo "git lfs installed" else - echo "git lfs not installed" + echo "git lfs not installed" fi +FILE="Gemfile.lock" + +if [ -f "$FILE" ]; then + echo "The file $FILE exists. Removing it." +else + echo "The file $FILE does not exist." +fi + +curl "https://raw.githubusercontent.com/isomerpages/isomerpages-template/next-gen/Gemfile.lock" + # Amplify build bundle exec jekyll build --config _config.yml",$var",_config-override.yml diff --git a/lock-deps.sh b/lock-deps.sh new file mode 100644 index 0000000..e69de29 From e264eeee5d36a1fc4685a774170ba0bf3d9511c0 Mon Sep 17 00:00:00 2001 From: Kishore <42832651+kishore03109@users.noreply.github.com> Date: Mon, 1 Jul 2024 18:33:50 +0800 Subject: [PATCH 43/47] fix(csp): add sabio for amplify (#74) --- overrides/customHttp.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 03a8181..a78f6bc 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -55,7 +55,8 @@ customHeaders: wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ - https://console-flex-api.ap.sabio.cloud + https://console.apac.sabio.cloud/ + https://console-flex-api.ap.sabio.cloud/ https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; From 51a2469995d15c146ad5a1bb6aaec1efca6a024f Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Tue, 2 Jul 2024 12:03:43 +0800 Subject: [PATCH 44/47] chore: fix algolia whitelist on csp (#75) --- overrides/customHttp.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index a78f6bc..35348c3 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml 
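Review bot: The new Gemfile.lock block does not do what its messages say: the `if [ -f "$FILE" ]` branch prints "Removing it." but never removes the file, and the `curl` that follows has no `-o`, so the template's lockfile is printed to the build log instead of being written. As a result `bundle exec jekyll build` still resolves against whatever Gemfile.lock the site repository supplies (or none), and the dependency set is not locked. Replace the branch body and the fetch with `rm -f -- "$FILE"` and `curl -fsSL "https://raw.githubusercontent.com/isomerpages/isomerpages-template/next-gen/Gemfile.lock" -o "$FILE" || exit 1`, so a failed download stops the build. The new `lock-deps.sh` is added empty; if it is meant to hold this logic later, a one-line comment saying so would help.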
@@ -154,5 +154,7 @@ customHeaders: https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud - https://1v7dzgzjkk-*.algolianet.com/ + https://*.algolia.net + https://*.algolianet.com + https://*.algolia.io ; From 2d9ab8af4d9458a1053b0445c690ce8ac9b6f7c4 Mon Sep 17 00:00:00 2001 From: Kishore <42832651+kishore03109@users.noreply.github.com> Date: Wed, 3 Jul 2024 08:54:39 +0800 Subject: [PATCH 45/47] fix(sabio): add csp to style and connect src (#77) --- overrides/customHttp.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 35348c3..2646793 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -78,6 +78,7 @@ customHeaders: https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ + https://console.apac.sabio.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; @@ -153,6 +154,7 @@ customHeaders: wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud + https://console.apac.sabio.cloud/ https://authmiddleware.ap.sabio.cloud https://*.algolia.net https://*.algolianet.com From fb2bb8761e4721002ec82dadd29cd1a6ab3ff9ec Mon Sep 17 00:00:00 2001 From: seaerchin <44049504+seaerchin@users.noreply.github.com> Date: Wed, 21 Aug 2024 17:56:38 +0800 Subject: [PATCH 46/47] feat: remove no referrer (#78) * feat: remove referrer policy * TODO: rvert * test policy * add noreferrer fallback for old browsers * revert change * revert to use next-gen * revert build.sh --------- Co-authored-by: Harish V --- overrides/customHttp.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index 2646793..c6563da 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml 
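Review bot: The three wildcard entries added to `connect-src` (`https://*.algolia.net`, `https://*.algolianet.com`, `https://*.algolia.io`) let page scripts send data to any Algolia application, whereas the removed line was scoped to application `1v7dzgzjkk`. CSP cannot express `1v7dzgzjkk-*`, but the hosts can be enumerated, e.g. `https://1v7dzgzjkk-dsn.algolia.net` plus the numbered `https://1v7dzgzjkk-1.algolianet.com` style fallbacks, assuming the search client uses only that application. If several applications are in use across sites, a comment above the `value: >-` scalar saying that this is why the wildcards are kept would help the next reviewer.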
@@ -1,11 +1,11 @@ -# Changes to this file should be copied to overrides/netlify.toml in the master branch. +# Changes to this file should be copied to overrides/netlify.toml in the master branch. customHeaders: - - pattern: '**/*' + - pattern: "**/*" headers: - key: X-XSS-Protection value: 1; mode=block - key: Referrer-Policy - value: no-referrer + value: strict-origin-when-cross-origin - key: X-Content-Type-Options value: nosniff - key: X-Frame-Options From 476870b7b0abea4b4c7fd91f1a4c6f0fd2418a34 Mon Sep 17 00:00:00 2001 From: Alexander Lee Date: Thu, 10 Oct 2024 17:09:31 +0800 Subject: [PATCH 47/47] chore/more vica whitelist amplify (#81) --- overrides/customHttp.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overrides/customHttp.yml b/overrides/customHttp.yml index c6563da..97ce327 100644 --- a/overrides/customHttp.yml +++ b/overrides/customHttp.yml @@ -45,6 +45,7 @@ customHeaders: https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ + https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com @@ -144,6 +145,7 @@ customHeaders: https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings + https://api-chat-fe-flag.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com
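Review bot: In PATCH 46/47, the `Referrer-Policy` value is now the single token `strict-origin-when-cross-origin`, and a browser that does not recognise it falls back to its own default rather than to the previous `no-referrer`. The header accepts a comma-separated list in which the last policy the browser understands wins, so `value: no-referrer, strict-origin-when-cross-origin` would keep the old behaviour for older browsers. The commit message lists such a fallback followed by a revert, so a short comment on why it was dropped would help. The file's header comment still points to overrides/netlify.toml, so the same value presumably needs to be mirrored there.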