diff options
author | tdro <tdro@noreply.example.com> | 2022-05-07 04:19:22 -0400 |
---|---|---|
committer | tdro <tdro@noreply.example.com> | 2022-05-07 04:19:22 -0400 |
commit | e9a9c8b2bdcd39dc7b623c0412c91e18c2d01b0a (patch) | |
tree | b8b9c390a70b3cc0c47ad324019a51764ac20861 /themes/default/layouts/partials/head-csp.html | |
parent | f721601e676a752a76757f449242b876dbecb1d0 (diff) | |
download | canory-e9a9c8b2bdcd39dc7b623c0412c91e18c2d01b0a.tar.gz canory-e9a9c8b2bdcd39dc7b623c0412c91e18c2d01b0a.tar.bz2 canory-e9a9c8b2bdcd39dc7b623c0412c91e18c2d01b0a.zip |
config.yaml: Add search engine verification
Diffstat (limited to 'themes/default/layouts/partials/head-csp.html')
-rw-r--r-- | themes/default/layouts/partials/head-csp.html | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/themes/default/layouts/partials/head-csp.html b/themes/default/layouts/partials/head-csp.html new file mode 100644 index 0000000..d148498 --- /dev/null +++ b/themes/default/layouts/partials/head-csp.html @@ -0,0 +1,43 @@ +{{- $upgrade := "" -}} + +{{- if .Site.Params.csp.upgrade -}} + {{ $upgrade = "upgrade-insecure-requests;" }} +{{- end -}} + +<base href="{{ .Site.BaseURL }}"> +<meta name="referrer" content="{{ .Site.Params.csp.referrer }}"> + +{{ printf ` +<meta + http-equiv="Content-Security-Policy" + content=" + %s + block-all-mixed-content; + default-src 'self'; + child-src %s; + connect-src %s; + font-src %s; + form-action %s; + frame-src %s; + img-src %s; + media-src %s; + object-src %s; + prefetch-src %s; + script-src %s; + script-src-elem %s; + style-src %s; + ">` + ($upgrade) + (delimit .Site.Params.csp.childsrc " ") + (delimit .Site.Params.csp.connectsrc " ") + (delimit .Site.Params.csp.fontsrc " ") + (delimit .Site.Params.csp.formaction " ") + (delimit .Site.Params.csp.framesrc " ") + (delimit .Site.Params.csp.imgsrc " ") + (delimit .Site.Params.csp.mediasrc " ") + (delimit .Site.Params.csp.objectsrc " ") + (delimit .Site.Params.csp.prefetchsrc " ") + (delimit .Site.Params.csp.scriptsrc " ") + (delimit .Site.Params.csp.scriptsrcelem " ") + (delimit .Site.Params.csp.stylesrc " ") + | safeHTML }} |