diff options
| author | tdro <tdro@noreply.example.com> | 2022-10-06 14:18:58 -0400 |
|---|---|---|
| committer | tdro <tdro@noreply.example.com> | 2022-10-06 14:18:58 -0400 |
| commit | 5d1753b7c6d60c5eb981a702c8dd73837dbcccee (patch) | |
| tree | 3de27209a24168d2cb1b4cbd631f630057a834bd /config.toml | |
| parent | bf80275fd5dcf253cbf09c31492c7bc101421016 (diff) | |
| download | canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.gz canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.bz2 canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.zip | |
themes/default/layouts/partials/base-head: Crudely serialize policy
To add new rules without changing source code. Allow setting
robots meta tag.
Diffstat (limited to 'config.toml')
| -rw-r--r-- | config.toml | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/config.toml b/config.toml index 99fde46..6b6fdcd 100644 --- a/config.toml +++ b/config.toml @@ -88,6 +88,8 @@ enableRobotsTXT = true [params.site] production = false + referrer = "no-referrer" + robots = "index,follow" [params.webmanifest] name = "Micro Blog" @@ -98,20 +100,22 @@ enableRobotsTXT = true logo = "data/media/logo.png" [params.csp] - upgrade = false - referrer = "no-referrer" - childsrc = ["'self'"] - fontsrc = ["'self'"] - formaction = ["'self'", "lite.duckduckgo.com"] - framesrc = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "docs.google.com"] - imgsrc = ["'self'", "http://preview.test", "imgs.xkcd.com"] - mediasrc = ["'self'", "raw.githubusercontent.com", "i.imgur.com"] - objectsrc = ["'none'"] - prefetchsrc = ["'self'"] - scriptsrc = ["'self'", "s.imgur.com", "platform.twitter.com"] - scriptsrcelem = ["'self'", "s.imgur.com", "platform.twitter.com"] - stylesrc = ["'self'", "'unsafe-inline'", "http://preview.test"] - connectsrc = ["'self'"] + block-all-mixed-content = "" + child-src = ["'self'"] + connect-src = ["'self'"] + default-src = ["'self'"] + font-src = ["'self'"] + form-action = ["'self'", "lite.duckduckgo.com"] + frame-src = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "docs.google.com"] + img-src = ["'self'", "http://preview.test", "imgs.xkcd.com"] + manifest-src = ["'self'"] + media-src = ["'self'", "raw.githubusercontent.com", "i.imgur.com"] + object-src = ["'none'"] + prefetch-src = ["'self'"] + script-src-elem = ["'self'", "s.imgur.com", "platform.twitter.com"] + script-src = ["'self'", "s.imgur.com", "platform.twitter.com"] + style-src = ["'self'", "'unsafe-inline'", "http://preview.test"] + worker-src = ["'self'"] [params.search] |