diff options
author | tdro <tdro@noreply.example.com> | 2022-10-06 14:18:58 -0400 |
---|---|---|
committer | tdro <tdro@noreply.example.com> | 2022-10-06 14:18:58 -0400 |
commit | 5d1753b7c6d60c5eb981a702c8dd73837dbcccee (patch) | |
tree | 3de27209a24168d2cb1b4cbd631f630057a834bd /config.yaml | |
parent | bf80275fd5dcf253cbf09c31492c7bc101421016 (diff) | |
download | canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.gz canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.bz2 canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.zip |
themes/default/layouts/partials/base-head: Crudely serialize policy
To add new rules without changing source code. Allow setting
robots meta tag.
Diffstat (limited to 'config.yaml')
-rw-r--r-- | config.yaml | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/config.yaml b/config.yaml index b14283e..d135044 100644 --- a/config.yaml +++ b/config.yaml @@ -77,7 +77,9 @@ markup: params: site: production: false + referrer: no-referrer refresh: + robots: index,follow webmanifest: name: Micro Blog shortName: Micro @@ -86,21 +88,23 @@ params: display: standalone logo: data/media/logo.png csp: - upgrade: false - referrer: no-referrer - childsrc: ["'self'"] - fontsrc: ["'self'"] - formaction: ["'self'", lite.duckduckgo.com] - framesrc: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com, + block-all-mixed-content: '' + child-src: ["'self'"] + connect-src: ["'self'"] + default-src: ["'self'"] + font-src: ["'self'"] + form-action: ["'self'", lite.duckduckgo.com] + frame-src: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com, en.m.wikipedia.org, odysee.com, docs.google.com] - imgsrc: ["'self'", http://preview.test, imgs.xkcd.com] - mediasrc: ["'self'", raw.githubusercontent.com, i.imgur.com] - objectsrc: ["'none'"] - prefetchsrc: ["'self'"] - scriptsrc: ["'self'", s.imgur.com, platform.twitter.com] - scriptsrcelem: ["'self'", s.imgur.com, platform.twitter.com] - stylesrc: ["'self'", "'unsafe-inline'", http://preview.test] - connectsrc: ["'self'"] + img-src: ["'self'", http://preview.test, imgs.xkcd.com] + manifest-src: ["'self'"] + media-src: ["'self'", raw.githubusercontent.com, i.imgur.com] + object-src: ["'none'"] + prefetch-src: ["'self'"] + script-src-elem: ["'self'", s.imgur.com, platform.twitter.com] + script-src: ["'self'", s.imgur.com, platform.twitter.com] + style-src: ["'self'", "'unsafe-inline'", http://preview.test] + worker-src: ["'self'"] search: verification: google: |