themes/default/layouts/partials/base-head: Crudely serialize policy

To add new rules without changing source code. Allow setting
robots meta tag.

1 files changed, 18 insertions, 14 deletions

diff --git a/config.yaml b/config.yaml
index b14283e..d135044 100644
--- a/config.yaml
+++ b/config.yaml
@@ -77,7 +77,9 @@ markup:
 params:
   site:
     production: false
+    referrer: no-referrer
     refresh:
+    robots: index,follow
   webmanifest:
     name: Micro Blog
     shortName: Micro
@@ -86,21 +88,23 @@ params:
     display: standalone
     logo: data/media/logo.png
   csp:
-    upgrade: false
-    referrer: no-referrer
-    childsrc: ["'self'"]
-    fontsrc: ["'self'"]
-    formaction: ["'self'", lite.duckduckgo.com]
-    framesrc: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
+    block-all-mixed-content: ''
+    child-src: ["'self'"]
+    connect-src: ["'self'"]
+    default-src: ["'self'"]
+    font-src: ["'self'"]
+    form-action: ["'self'", lite.duckduckgo.com]
+    frame-src: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
       en.m.wikipedia.org, odysee.com, docs.google.com]
-    imgsrc: ["'self'", http://preview.test, imgs.xkcd.com]
-    mediasrc: ["'self'", raw.githubusercontent.com, i.imgur.com]
-    objectsrc: ["'none'"]
-    prefetchsrc: ["'self'"]
-    scriptsrc: ["'self'", s.imgur.com, platform.twitter.com]
-    scriptsrcelem: ["'self'", s.imgur.com, platform.twitter.com]
-    stylesrc: ["'self'", "'unsafe-inline'", http://preview.test]
-    connectsrc: ["'self'"]
+    img-src: ["'self'", http://preview.test, imgs.xkcd.com]
+    manifest-src: ["'self'"]
+    media-src: ["'self'", raw.githubusercontent.com, i.imgur.com]
+    object-src: ["'none'"]
+    prefetch-src: ["'self'"]
+    script-src-elem: ["'self'", s.imgur.com, platform.twitter.com]
+    script-src: ["'self'", s.imgur.com, platform.twitter.com]
+    style-src: ["'self'", "'unsafe-inline'", http://preview.test]
+    worker-src: ["'self'"]
   search:
     verification:
       google: