Diffstat (limited to 'themes/default/layouts/partials/head-csp.html')
-rw-r--r--themes/default/layouts/partials/head-csp.html57
1 files changed, 17 insertions, 40 deletions
diff --git a/themes/default/layouts/partials/head-csp.html b/themes/default/layouts/partials/head-csp.html
index 9519e14..d34043e 100644
--- a/themes/default/layouts/partials/head-csp.html
+++ b/themes/default/layouts/partials/head-csp.html
@@ -1,42 +1,19 @@
-{{ $upgrade := "" }}
-{{ if .Site.Params.csp.upgrade }}
- {{ $upgrade = "upgrade-insecure-requests;" }}
-{{- end -}}
-
-<meta name="referrer" content="{{ .Site.Params.csp.referrer }}">
+<meta name="referrer" content="{{ .Site.Params.site.referrer }}" />
-{{ printf `
-<meta
- http-equiv="Content-Security-Policy"
- content="
- %s
- block-all-mixed-content;
- default-src 'self';
- child-src %s;
- connect-src %s;
- font-src %s;
- form-action %s;
- frame-src %s;
- img-src %s;
- media-src %s;
- object-src %s;
- prefetch-src %s;
- script-src %s;
- script-src-elem %s;
- style-src %s;
- ">`
- ($upgrade)
- (delimit .Site.Params.csp.childsrc " ")
- (delimit .Site.Params.csp.connectsrc " ")
- (delimit .Site.Params.csp.fontsrc " ")
- (delimit .Site.Params.csp.formaction " ")
- (delimit .Site.Params.csp.framesrc " ")
- (delimit .Site.Params.csp.imgsrc " ")
- (delimit .Site.Params.csp.mediasrc " ")
- (delimit .Site.Params.csp.objectsrc " ")
- (delimit .Site.Params.csp.prefetchsrc " ")
- (delimit .Site.Params.csp.scriptsrc " ")
- (delimit .Site.Params.csp.scriptsrcelem " ")
- (delimit .Site.Params.csp.stylesrc " ")
- | safeHTML }}
+{{ with .Site.Params.csp -}}
+<meta http-equiv="Content-Security-Policy"
+{{- printf ` content="` | safeHTMLAttr }}
+{{ range $policy, $list := . -}}
+{{- if reflect.IsSlice $list -}}
+{{- print $policy | safeHTMLAttr }}
+{{- range $list -}}
+{{ print " " . | safeHTMLAttr }}
+{{- end }};
+{{ else }}
+{{- print $policy ";" | safeHTMLAttr }}
+{{ end }}
+{{- end -}}
+{{- printf `"` | safeHTMLAttr -}}
+/>
+{{ end -}}
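Review bot: The `{{ else }}` branch emits every non-slice key of `.Site.Params.csp` as a directive without checking its value, so a boolean flag set to `false` in the site config would still be rendered; the removed code only emitted `upgrade-insecure-requests` when `.Site.Params.csp.upgrade` was truthy. Changing that line to `{{ else if $list }}` would keep the opt-out working. The policy is also now entirely whatever the config map contains, since the hard-coded `default-src 'self'` and `block-all-mixed-content` are gone. A config still using the old key names (`scriptsrc`, `imgsrc`, …) would presumably render directives that browsers ignore, so the config, which is not visible in this diff, needs real directive names and its own `default-src` fallback. A template comment such as `{{/* keys of params.csp must be literal CSP directive names; values are emitted unescaped via safeHTMLAttr */}}` would document that contract.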