diff options
author | tdro <tdro@noreply.example.com> | 2022-07-22 00:36:28 -0400 |
---|---|---|
committer | tdro <tdro@noreply.example.com> | 2022-07-22 00:36:28 -0400 |
commit | ed919681f324ed070445cfae8f1dd662b09f81b8 (patch) | |
tree | 7f0af59b4021907b24f77e9966e7a7145dc227a6 /themes/default/layouts/partials/base-csp.html | |
parent | 19a6a9bef26c6c41f3f9b6f3ceda375a8a045a30 (diff) | |
download | canory-ed919681f324ed070445cfae8f1dd662b09f81b8.tar.gz canory-ed919681f324ed070445cfae8f1dd662b09f81b8.tar.bz2 canory-ed919681f324ed070445cfae8f1dd662b09f81b8.zip |
themes/default/layouts: Name spacing and template clean up
Diffstat (limited to 'themes/default/layouts/partials/base-csp.html')
-rw-r--r-- | themes/default/layouts/partials/base-csp.html | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/themes/default/layouts/partials/base-csp.html b/themes/default/layouts/partials/base-csp.html new file mode 100644 index 0000000..9519e14 --- /dev/null +++ b/themes/default/layouts/partials/base-csp.html @@ -0,0 +1,42 @@ +{{ $upgrade := "" }} + +{{ if .Site.Params.csp.upgrade }} + {{ $upgrade = "upgrade-insecure-requests;" }} +{{- end -}} + +<meta name="referrer" content="{{ .Site.Params.csp.referrer }}"> + +{{ printf ` +<meta + http-equiv="Content-Security-Policy" + content=" + %s + block-all-mixed-content; + default-src 'self'; + child-src %s; + connect-src %s; + font-src %s; + form-action %s; + frame-src %s; + img-src %s; + media-src %s; + object-src %s; + prefetch-src %s; + script-src %s; + script-src-elem %s; + style-src %s; + ">` + ($upgrade) + (delimit .Site.Params.csp.childsrc " ") + (delimit .Site.Params.csp.connectsrc " ") + (delimit .Site.Params.csp.fontsrc " ") + (delimit .Site.Params.csp.formaction " ") + (delimit .Site.Params.csp.framesrc " ") + (delimit .Site.Params.csp.imgsrc " ") + (delimit .Site.Params.csp.mediasrc " ") + (delimit .Site.Params.csp.objectsrc " ") + (delimit .Site.Params.csp.prefetchsrc " ") + (delimit .Site.Params.csp.scriptsrc " ") + (delimit .Site.Params.csp.scriptsrcelem " ") + (delimit .Site.Params.csp.stylesrc " ") + | safeHTML }} |