author | tdro <tdro@noreply.example.com> | 2022-10-06 14:18:58 -0400 |
---|---|---|
committer | tdro <tdro@noreply.example.com> | 2022-10-06 14:18:58 -0400 |
commit | 5d1753b7c6d60c5eb981a702c8dd73837dbcccee (patch) | |
tree | 3de27209a24168d2cb1b4cbd631f630057a834bd /themes | |
parent | bf80275fd5dcf253cbf09c31492c7bc101421016 (diff) | |
download | canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.gz canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.tar.bz2 canory-5d1753b7c6d60c5eb981a702c8dd73837dbcccee.zip |
themes/default/layouts/partials/base-head: Crudely serialize policy
To add new rules without changing source code. Allow setting
robots meta tag.
Diffstat (limited to 'themes')
-rw-r--r-- | themes/default/layouts/partials/base-csp.html | 60 | ||||
-rw-r--r-- | themes/default/layouts/partials/base-head.html | 2 |
2 files changed, 23 insertions, 39 deletions
diff --git a/themes/default/layouts/partials/base-csp.html b/themes/default/layouts/partials/base-csp.html
index 9519e14..55719d8 100644
--- a/themes/default/layouts/partials/base-csp.html
+++ b/themes/default/layouts/partials/base-csp.html
@@ -1,42 +1,26 @@
-{{ $upgrade := "" }}
-{{ if .Site.Params.csp.upgrade }}
- {{ $upgrade = "upgrade-insecure-requests;" }}
-{{- end -}}
+<meta name="referrer" content="{{ .Site.Params.site.referrer }}">
+
+{{- if .Site.Params.csp }}
-<meta name="referrer" content="{{ .Site.Params.csp.referrer }}">
+{{
+ $policy := .Site.Params.csp
+ | jsonify
+ | replaceRE "\":\"\",\"" ";\n"
+ | replaceRE "{\"" ""
+ | replaceRE "\"],\"" ";\n"
+ | replaceRE "\",\"" " "
+ | replaceRE "\":\\[\"" " "
+ | replaceRE "\"]}" ";"
+ | replaceRE "\":\"\"}" ";"
+ | plainify
+-}}
 {{ printf `
-<meta
- http-equiv="Content-Security-Policy"
- content="
- %s
- block-all-mixed-content;
- default-src 'self';
- child-src %s;
- connect-src %s;
- font-src %s;
- form-action %s;
- frame-src %s;
- img-src %s;
- media-src %s;
- object-src %s;
- prefetch-src %s;
- script-src %s;
- script-src-elem %s;
- style-src %s;
- ">`
- ($upgrade)
- (delimit .Site.Params.csp.childsrc " ")
- (delimit .Site.Params.csp.connectsrc " ")
- (delimit .Site.Params.csp.fontsrc " ")
- (delimit .Site.Params.csp.formaction " ")
- (delimit .Site.Params.csp.framesrc " ")
- (delimit .Site.Params.csp.imgsrc " ")
- (delimit .Site.Params.csp.mediasrc " ")
- (delimit .Site.Params.csp.objectsrc " ")
- (delimit .Site.Params.csp.prefetchsrc " ")
- (delimit .Site.Params.csp.scriptsrc " ")
- (delimit .Site.Params.csp.scriptsrcelem " ")
- (delimit .Site.Params.csp.stylesrc " ")
- | safeHTML }}
+<meta http-equiv="Content-Security-Policy" content="
+%s
+">`
+$policy | safeHTML
+}}
+
+{{- end -}}
diff --git a/themes/default/layouts/partials/base-head.html b/themes/default/layouts/partials/base-head.html
index 7672f22..3ef919e 100644
--- a/themes/default/layouts/partials/base-head.html
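Review bot: The `replaceRE` chain after `jsonify` only rewrites two value shapes, an empty string and a non-empty list of strings, so any other value under `.Site.Params.csp` (a boolean such as the former `upgrade` flag, a number, a bare string, an empty list) leaves JSON punctuation in the policy. Because the result is emitted with `printf … | safeHTML` inside `content="…"`, a leftover `"` would likely end the attribute early, and the browser would see a truncated or invalid policy rather than the build failing. Iterating the map instead, e.g. `{{ range $directive, $sources := .Site.Params.csp }}` and writing `{{ $directive }} {{ delimit $sources " " }};` for list values, avoids parsing JSON with regexes and lets the template engine escape the attribute. The hard-coded `default-src 'self';` and `block-all-mixed-content;` lines are also gone, so a short comment at the top of the partial, such as `{{/* every directive, including default-src, must now come from params.csp */}}`, would help sites that upgrade the theme.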
+++ b/themes/default/layouts/partials/base-head.html
@@ -15,7 +15,7 @@
 {{ if or .Params.Unlisted .Params.ExpiryDate -}}
 <meta name="robots" content="noindex,nofollow">
 {{- else -}}
-<meta name="robots" content="index,follow">
+<meta name="robots" content="{{ or .Site.Params.site.robots "index,follow" }}">
 {{- end }}
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <meta name="keywords" content="{{- partial "base-title.html" . -}}"> |