From 2fe40c752b4272484972f141e406fbcb7fa0cdb8 Mon Sep 17 00:00:00 2001 From: tdro Date: Sat, 3 Dec 2022 01:02:40 -0500 Subject: themes/default/layouts/shortcodes/video.html: Default to self always To avoid hotlinking by mistake. Support media start and end fragments (https://www.w3.org/TR/media-frags/) separately. Add remote parameter for offloading to source --- config.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'config.toml') diff --git a/config.toml b/config.toml index 386076b..e8e9778 100644 --- a/config.toml +++ b/config.toml @@ -108,14 +108,14 @@ enableRobotsTXT = true default-src = ["'self'"] font-src = ["'self'"] form-action = ["'self'", "lite.duckduckgo.com"] - frame-src = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "www.gutenberg.org"] + frame-src = ["'self'", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "www.gutenberg.org"] img-src = ["'self'", "http://preview.test", "www.gutenberg.org"] manifest-src = ["'self'"] - media-src = ["'self'", "raw.githubusercontent.com", "i.imgur.com"] + media-src = ["'self'"] object-src = ["'self'", "www.gutenberg.org"] prefetch-src = ["'self'"] - script-src-elem = ["'self'", "s.imgur.com", "platform.twitter.com"] - script-src = ["'self'", "s.imgur.com", "platform.twitter.com"] + script-src-elem = ["'self'", "platform.twitter.com"] + script-src = ["'self'", "platform.twitter.com"] style-src = ["'self'", "'unsafe-inline'", "http://preview.test"] worker-src = ["'self'"] -- cgit v1.2.3