authortdro <tdro@noreply.example.com>2022-10-06 14:18:58 -0400
committertdro <tdro@noreply.example.com>2022-10-06 14:18:58 -0400
commit5d1753b7c6d60c5eb981a702c8dd73837dbcccee (patch)
tree3de27209a24168d2cb1b4cbd631f630057a834bd
parentbf80275fd5dcf253cbf09c31492c7bc101421016 (diff)
downloadcanory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.gz
canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.bz2
canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.zip
themes/default/layouts/partials/base-head: Crudely serialize policy
Lets new rules be added without changing source code. Also allows setting the robots meta tag.
-rw-r--r--config.json40
-rw-r--r--config.toml32
-rw-r--r--config.yaml32
-rw-r--r--themes/default/layouts/partials/base-csp.html60
-rw-r--r--themes/default/layouts/partials/base-head.html2
5 files changed, 84 insertions, 82 deletions
diff --git a/config.json b/config.json
index e7948bf..43ec38f 100644
--- a/config.json
+++ b/config.json
@@ -94,7 +94,9 @@
"params": {
"site": {
"production": false,
- "refresh": null
+ "referrer": "no-referrer",
+ "refresh": null,
+ "robots": "index,follow"
},
"webmanifest": {
"name": "Micro Blog",
@@ -105,19 +107,24 @@
"logo": "data/media/logo.png"
},
"csp": {
- "upgrade": false,
- "referrer": "no-referrer",
- "childsrc": [
+ "block-all-mixed-content": "",
+ "child-src": [
+ "'self'"
+ ],
+ "connect-src": [
"'self'"
],
- "fontsrc": [
+ "default-src": [
"'self'"
],
- "formaction": [
+ "font-src": [
+ "'self'"
+ ],
+ "form-action": [
"'self'",
"lite.duckduckgo.com"
],
- "framesrc": [
+ "frame-src": [
"'self'",
"imgur.com",
"www.youtube-nocookie.com",
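Review bot: The keys under `csp` are now emitted verbatim as CSP directive names, so a misspelt key (the old `childsrc` spelling, for instance) no longer shows up as an empty `delimit` in the template but as an unknown directive that browsers ignore — the intended restriction silently disappears, and nothing in this file or the template checks the key against the set of real directives. The `""` value on `"block-all-mixed-content"` is a convention meaning "directive without values" that only the template's regex table understands; JSON cannot carry a comment, so the equivalent `[params.csp]` table in config.toml and `csp:` map in config.yaml should document it, e.g. a TOML comment `# value-less directives (block-all-mixed-content, upgrade-insecure-requests) take an empty string`. Now that this directive is user-configurable it is worth knowing that `block-all-mixed-content` is deprecated in CSP3 in favour of `upgrade-insecure-requests`, which is what the removed `upgrade` switch used to emit and which has no replacement key in any of the three config files.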
@@ -126,38 +133,41 @@
"odysee.com",
"docs.google.com"
],
- "imgsrc": [
+ "img-src": [
"'self'",
"http://preview.test",
"imgs.xkcd.com"
],
- "mediasrc": [
+ "manifest-src": [
+ "'self'"
+ ],
+ "media-src": [
"'self'",
"raw.githubusercontent.com",
"i.imgur.com"
],
- "objectsrc": [
+ "object-src": [
"'none'"
],
- "prefetchsrc": [
+ "prefetch-src": [
"'self'"
],
- "scriptsrc": [
+ "script-src-elem": [
"'self'",
"s.imgur.com",
"platform.twitter.com"
],
- "scriptsrcelem": [
+ "script-src": [
"'self'",
"s.imgur.com",
"platform.twitter.com"
],
- "stylesrc": [
+ "style-src": [
"'self'",
"'unsafe-inline'",
"http://preview.test"
],
- "connectsrc": [
+ "worker-src": [
"'self'"
]
},
diff --git a/config.toml b/config.toml
index 99fde46..6b6fdcd 100644
--- a/config.toml
+++ b/config.toml
@@ -88,6 +88,8 @@ enableRobotsTXT = true
[params.site]
production = false
+ referrer = "no-referrer"
+ robots = "index,follow"
[params.webmanifest]
name = "Micro Blog"
@@ -98,20 +100,22 @@ enableRobotsTXT = true
logo = "data/media/logo.png"
[params.csp]
- upgrade = false
- referrer = "no-referrer"
- childsrc = ["'self'"]
- fontsrc = ["'self'"]
- formaction = ["'self'", "lite.duckduckgo.com"]
- framesrc = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "docs.google.com"]
- imgsrc = ["'self'", "http://preview.test", "imgs.xkcd.com"]
- mediasrc = ["'self'", "raw.githubusercontent.com", "i.imgur.com"]
- objectsrc = ["'none'"]
- prefetchsrc = ["'self'"]
- scriptsrc = ["'self'", "s.imgur.com", "platform.twitter.com"]
- scriptsrcelem = ["'self'", "s.imgur.com", "platform.twitter.com"]
- stylesrc = ["'self'", "'unsafe-inline'", "http://preview.test"]
- connectsrc = ["'self'"]
+ block-all-mixed-content = ""
+ child-src = ["'self'"]
+ connect-src = ["'self'"]
+ default-src = ["'self'"]
+ font-src = ["'self'"]
+ form-action = ["'self'", "lite.duckduckgo.com"]
+ frame-src = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "docs.google.com"]
+ img-src = ["'self'", "http://preview.test", "imgs.xkcd.com"]
+ manifest-src = ["'self'"]
+ media-src = ["'self'", "raw.githubusercontent.com", "i.imgur.com"]
+ object-src = ["'none'"]
+ prefetch-src = ["'self'"]
+ script-src-elem = ["'self'", "s.imgur.com", "platform.twitter.com"]
+ script-src = ["'self'", "s.imgur.com", "platform.twitter.com"]
+ style-src = ["'self'", "'unsafe-inline'", "http://preview.test"]
+ worker-src = ["'self'"]
[params.search]
diff --git a/config.yaml b/config.yaml
index b14283e..d135044 100644
--- a/config.yaml
+++ b/config.yaml
@@ -77,7 +77,9 @@ markup:
params:
site:
production: false
+ referrer: no-referrer
refresh:
+ robots: index,follow
webmanifest:
name: Micro Blog
shortName: Micro
@@ -86,21 +88,23 @@ params:
display: standalone
logo: data/media/logo.png
csp:
- upgrade: false
- referrer: no-referrer
- childsrc: ["'self'"]
- fontsrc: ["'self'"]
- formaction: ["'self'", lite.duckduckgo.com]
- framesrc: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
+ block-all-mixed-content: ''
+ child-src: ["'self'"]
+ connect-src: ["'self'"]
+ default-src: ["'self'"]
+ font-src: ["'self'"]
+ form-action: ["'self'", lite.duckduckgo.com]
+ frame-src: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
en.m.wikipedia.org, odysee.com, docs.google.com]
- imgsrc: ["'self'", http://preview.test, imgs.xkcd.com]
- mediasrc: ["'self'", raw.githubusercontent.com, i.imgur.com]
- objectsrc: ["'none'"]
- prefetchsrc: ["'self'"]
- scriptsrc: ["'self'", s.imgur.com, platform.twitter.com]
- scriptsrcelem: ["'self'", s.imgur.com, platform.twitter.com]
- stylesrc: ["'self'", "'unsafe-inline'", http://preview.test]
- connectsrc: ["'self'"]
+ img-src: ["'self'", http://preview.test, imgs.xkcd.com]
+ manifest-src: ["'self'"]
+ media-src: ["'self'", raw.githubusercontent.com, i.imgur.com]
+ object-src: ["'none'"]
+ prefetch-src: ["'self'"]
+ script-src-elem: ["'self'", s.imgur.com, platform.twitter.com]
+ script-src: ["'self'", s.imgur.com, platform.twitter.com]
+ style-src: ["'self'", "'unsafe-inline'", http://preview.test]
+ worker-src: ["'self'"]
search:
verification:
google:
diff --git a/themes/default/layouts/partials/base-csp.html b/themes/default/layouts/partials/base-csp.html
index 9519e14..55719d8 100644
--- a/themes/default/layouts/partials/base-csp.html
+++ b/themes/default/layouts/partials/base-csp.html
@@ -1,42 +1,26 @@
-{{ $upgrade := "" }}
-{{ if .Site.Params.csp.upgrade }}
- {{ $upgrade = "upgrade-insecure-requests;" }}
-{{- end -}}
+<meta name="referrer" content="{{ .Site.Params.site.referrer }}">
+
+{{- if .Site.Params.csp }}
-<meta name="referrer" content="{{ .Site.Params.csp.referrer }}">
+{{
+ $policy := .Site.Params.csp
+ | jsonify
+ | replaceRE "\":\"\",\"" ";\n"
+ | replaceRE "{\"" ""
+ | replaceRE "\"],\"" ";\n"
+ | replaceRE "\",\"" " "
+ | replaceRE "\":\\[\"" " "
+ | replaceRE "\"]}" ";"
+ | replaceRE "\":\"\"}" ";"
+ | plainify
+-}}
{{ printf `
-<meta
- http-equiv="Content-Security-Policy"
- content="
- %s
- block-all-mixed-content;
- default-src 'self';
- child-src %s;
- connect-src %s;
- font-src %s;
- form-action %s;
- frame-src %s;
- img-src %s;
- media-src %s;
- object-src %s;
- prefetch-src %s;
- script-src %s;
- script-src-elem %s;
- style-src %s;
- ">`
- ($upgrade)
- (delimit .Site.Params.csp.childsrc " ")
- (delimit .Site.Params.csp.connectsrc " ")
- (delimit .Site.Params.csp.fontsrc " ")
- (delimit .Site.Params.csp.formaction " ")
- (delimit .Site.Params.csp.framesrc " ")
- (delimit .Site.Params.csp.imgsrc " ")
- (delimit .Site.Params.csp.mediasrc " ")
- (delimit .Site.Params.csp.objectsrc " ")
- (delimit .Site.Params.csp.prefetchsrc " ")
- (delimit .Site.Params.csp.scriptsrc " ")
- (delimit .Site.Params.csp.scriptsrcelem " ")
- (delimit .Site.Params.csp.stylesrc " ")
- | safeHTML }}
+<meta http-equiv="Content-Security-Policy" content="
+%s
+">`
+$policy | safeHTML
+}}
+
+{{- end -}}
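Review bot: The `replaceRE` chain starting at `| replaceRE "\":\"\",\"" ";\n"` only recognises two value shapes — a non-empty string array and an empty string — so an empty array (`"key":[]`) or a non-empty scalar such as a `report-uri` path is left as raw JSON inside the `content` attribute, where browsers silently drop the malformed directive; rendering the map with `range` instead of string surgery handles every shape and needs no regex table (sketch below). Nothing escapes the assembled element because `printf … | safeHTML` bypasses Hugo's contextual attribute escaping, so a `"` or newline inside a configured value terminates the attribute early — trusted input, but worth a comment on the `printf` line such as `{{/* directive values are inserted verbatim: no quotes or newlines */}}`. `default-src 'self'` and `block-all-mixed-content;` are no longer hard-coded, so a config that omits `default-src` leaves every fetch directive it does not list unrestricted, and the removed `upgrade` switch now has to be expressed as an `upgrade-insecure-requests: ""` key — neither the template nor the commit message says so.
```html
<!-- … unchanged: referrer meta tag … -->
{{- if .Site.Params.csp }}
{{- $directives := slice }}
{{- range $name, $value := .Site.Params.csp }}
  {{- if reflect.IsSlice $value }}
    {{- $directives = $directives | append (printf "%s %s" $name (delimit $value " ")) }}
  {{- else if $value }}
    {{- $directives = $directives | append (printf "%s %s" $name $value) }}
  {{- else }}
    {{- $directives = $directives | append $name }}
  {{- end }}
{{- end }}
{{ printf `<meta http-equiv="Content-Security-Policy" content="%s">` (delimit $directives "; ") | safeHTML }}
{{- end -}}
```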
diff --git a/themes/default/layouts/partials/base-head.html b/themes/default/layouts/partials/base-head.html
index 7672f22..3ef919e 100644
--- a/themes/default/layouts/partials/base-head.html
+++ b/themes/default/layouts/partials/base-head.html
@@ -15,7 +15,7 @@
{{ if or .Params.Unlisted .Params.ExpiryDate -}}
<meta name="robots" content="noindex,nofollow">
{{- else -}}
-<meta name="robots" content="index,follow">
+<meta name="robots" content="{{ or .Site.Params.site.robots "index,follow" }}">
{{- end }}
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="keywords" content="{{- partial "base-title.html" . -}}">