From 002ebd46e4e97b5d8c1d92a9275061372e53e72f Mon Sep 17 00:00:00 2001
From: Evgeniy Maynagashev
Date: Mon, 29 Mar 2021 20:53:59 +0700
Subject: [PATCH] Add CSP's connect-src directive to config (#547) (#548)

---
 exampleSite/config.toml | 2 ++
 layouts/partials/csp.html | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/exampleSite/config.toml b/exampleSite/config.toml
index fdc876f..5f1956f 100644
--- a/exampleSite/config.toml
+++ b/exampleSite/config.toml
@@ -90,6 +90,8 @@ stylesrc = [
 ]
 scriptsrc = ["'self'", "'unsafe-inline'", "https://www.google-analytics.com"]
 prefetchsrc = ["'self'"]
+# connect-src directive – defines valid targets for to XMLHttpRequest (AJAX), WebSockets or EventSource
+connectsrc = ["'self'", "https://www.google-analytics.com"]
 [taxonomies]
 category = "categories"
diff --git a/layouts/partials/csp.html b/layouts/partials/csp.html
index 57ded85..e9238a4 100644
--- a/layouts/partials/csp.html
+++ b/layouts/partials/csp.html
@@ -1 +1 @@
-{{ printf `` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.prefetchsrc " ") | safeHTML }}
\ No newline at end of file
+{{ printf `` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.prefetchsrc " ") (delimit .Site.Params.csp.connectsrc " ") | safeHTML }}
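Review bot: The comment above the added `connectsrc` key has a wording slip ("for to") and names only some of the APIs that connect-src restricts; fetch() and navigator.sendBeacon() are governed by it too, and those are what analytics scripts commonly use. I would write it as `# connect-src: endpoints the page may contact via fetch(), XMLHttpRequest, WebSocket, EventSource or sendBeacon()`. Because site owners copy this example, it would also help to add `# requests to any host not listed here are blocked by the browser`, so a failing beacon or API call is traced back to this list.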
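Review bot: The added `(delimit .Site.Params.csp.connectsrc " ")` argument has no fallback for sites whose existing config has a `csp` table without `connectsrc`, which is every site configured before this commit. Depending on how Hugo treats the missing key, the build either fails on the `delimit` call or the policy gets an empty connect-src value, which browsers treat as allowing no connections at all. The printf format string is not visible on this page, so I cannot tell whether the directive name is emitted unconditionally. A guarded argument such as `(delimit (default (slice "'self'") .Site.Params.csp.connectsrc) " ")` keeps older configs working. The other `delimit` arguments on this line follow the same pattern, and the commit description would be a good place to mention the new required key.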