13hannes11/hugo-coder-timeline
1
0
Fork 0
mirror of https://github.com/13hannes11/hugo-coder-timeline.git synced 2024-09-04 00:50:58 +02:00
Code Issues Projects Releases Wiki Activity

Adds Content-Security-Policy template to theme (#504)

Browse Source 
* feat: added csp.html template to theme head element

* feat: added my name to CONTRIBUTORS

* fix: added conditional logic for templating to stabilize build

* feat: Added CSP section to example config.toml

* fix: updated template logic

* updated contributors to reference website and not github

* fix conflict with contributors, moved csp out of _shared dir

Co-authored-by: Luiz F. A. de Prá <luizdepra@users.noreply.github.com>
This commit is contained in:
Alex Miranda
2021-01-22 11:26:30 -05:00
committed by GitHub
parent 74d160b325
commit edea1118eb
4 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CONTRIBUTORS.md
View File

@@ -90,3 +90,4 @@
- [JaeSang Yoo](https://github.com/JSYoo5B)
- [Felix](https://github.com/lazyyz)
- [Peter Duchnovsky](https://pduchnovsky.com)
- [Alex Miranda](https://ammiranda.com)

19
exampleSite/config.toml
View File

@@ -80,6 +80,25 @@ disqusShortname = "yourdiscussshortname"
[params.cloudflare]
token = "token"
# If you want to implement a Content-Security-Policy, add this section
[params.csp]
childsrc = ["'self'"]
fontsrc=["'self'",
"https://fonts.gstatic.com",
"https://cdn.jsdelivr.net/"]
formaction = ["'self'"]
framesrc = ["'self'"]
imgsrc = ["'self'"]
objectsrc = ["'none'"]
stylesrc = ["'self'",
"'unsafe-inline'",
"https://fonts.googleapis.com/",
"https://cdn.jsdelivr.net/"]
scriptsrc = ["'self'",
"'unsafe-inline'",
"https://www.google-analytics.com"]
prefetchsrc = ["'self'"]
[taxonomies]
category = "categories"
series = "series"

3
layouts/_default/baseof.html
View File

@@ -5,6 +5,9 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Language" content="{{ .Site.Language.Lang }}">
{{ if .Site.Params.csp }}
{{ partial "csp.html" . }}
{{ end }}
{{ with .Site.Params.author }}<meta name="author" content="{{ . }}">{{ end }}
<meta name="description" content="{{ .Description | default (.Summary | default .Site.Params.description ) }}">

1
layouts/partials/csp.html Normal file
View File

@@ -0,0 +1 @@
{{ printf `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; prefetch-src %s;">` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.prefetchsrc " ") | safeHTML }}