authortdro <tdro@noreply.example.com>2022-07-22 00:36:28 -0400
committertdro <tdro@noreply.example.com>2022-07-22 00:36:28 -0400
commited919681f324ed070445cfae8f1dd662b09f81b8 (patch)
tree7f0af59b4021907b24f77e9966e7a7145dc227a6 /themes/default/layouts/partials/base-csp.html
parent19a6a9bef26c6c41f3f9b6f3ceda375a8a045a30 (diff)
themes/default/layouts: Name spacing and template clean up
Diffstat (limited to 'themes/default/layouts/partials/base-csp.html')
-rw-r--r--themes/default/layouts/partials/base-csp.html42
1 files changed, 42 insertions, 0 deletions
diff --git a/themes/default/layouts/partials/base-csp.html b/themes/default/layouts/partials/base-csp.html
new file mode 100644
index 0000000..9519e14
--- /dev/null
+++ b/themes/default/layouts/partials/base-csp.html
@@ -0,0 +1,42 @@
+{{ $upgrade := "" }}
+
+{{ if .Site.Params.csp.upgrade }}
+ {{ $upgrade = "upgrade-insecure-requests;" }}
+{{- end -}}
+
+<meta name="referrer" content="{{ .Site.Params.csp.referrer }}">
+
+{{ printf `
+<meta
+ http-equiv="Content-Security-Policy"
+ content="
+ %s
+ block-all-mixed-content;
+ default-src 'self';
+ child-src %s;
+ connect-src %s;
+ font-src %s;
+ form-action %s;
+ frame-src %s;
+ img-src %s;
+ media-src %s;
+ object-src %s;
+ prefetch-src %s;
+ script-src %s;
+ script-src-elem %s;
+ style-src %s;
+ ">`
+ ($upgrade)
+ (delimit .Site.Params.csp.childsrc " ")
+ (delimit .Site.Params.csp.connectsrc " ")
+ (delimit .Site.Params.csp.fontsrc " ")
+ (delimit .Site.Params.csp.formaction " ")
+ (delimit .Site.Params.csp.framesrc " ")
+ (delimit .Site.Params.csp.imgsrc " ")
+ (delimit .Site.Params.csp.mediasrc " ")
+ (delimit .Site.Params.csp.objectsrc " ")
+ (delimit .Site.Params.csp.prefetchsrc " ")
+ (delimit .Site.Params.csp.scriptsrc " ")
+ (delimit .Site.Params.csp.scriptsrcelem " ")
+ (delimit .Site.Params.csp.stylesrc " ")
+ | safeHTML }}
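Review bot: The policy assembled in the `printf` template has no `base-uri` directive, and `default-src 'self'` is not a fallback for it, so an injected `<base>` element could still repoint the page's relative URLs; adding `base-uri 'self';` right after `default-src 'self';` closes that gap. Because the whole tag is piped through `safeHTML`, the `.Site.Params.csp.*` values reach the `content` attribute without escaping, so a value containing `"` would end the attribute early. That makes the policy only as trustworthy as the site configuration, which a comment above the `printf` should state, e.g. `{{/* csp params are emitted unescaped via safeHTML; keep them free of quotes and angle brackets */}}`. Where this partial is included is not visible in the hunk, but a policy delivered through `<meta http-equiv>` only governs content that follows it, so it should be the first element in the head, and directives such as `frame-ancestors` are ignored in this form and need a response header instead.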