From 5d1753b7c6d60c5eb981a702c8dd73837dbcccee Mon Sep 17 00:00:00 2001
From: tdro
Date: Thu, 6 Oct 2022 14:18:58 -0400
Subject: themes/default/layouts/partials/base-head: Crudely serialize policy To add new rules without changing source code. Allow setting robots meta tag.
---
config.toml | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
(limited to 'config.toml')
diff --git a/config.toml b/config.toml
index 99fde46..6b6fdcd 100644
--- a/config.toml
+++ b/config.toml
@@ -88,6 +88,8 @@ enableRobotsTXT = true
 [params.site]
 production = false
+ referrer = "no-referrer"
+ robots = "index,follow"
 [params.webmanifest]
 name = "Micro Blog"
@@ -98,20 +100,22 @@ enableRobotsTXT = true
 logo = "data/media/logo.png"
 [params.csp]
- upgrade = false
- referrer = "no-referrer"
- childsrc = ["'self'"]
- fontsrc = ["'self'"]
- formaction = ["'self'", "lite.duckduckgo.com"]
- framesrc = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "docs.google.com"]
- imgsrc = ["'self'", "http://preview.test", "imgs.xkcd.com"]
- mediasrc = ["'self'", "raw.githubusercontent.com", "i.imgur.com"]
- objectsrc = ["'none'"]
- prefetchsrc = ["'self'"]
- scriptsrc = ["'self'", "s.imgur.com", "platform.twitter.com"]
- scriptsrcelem = ["'self'", "s.imgur.com", "platform.twitter.com"]
- stylesrc = ["'self'", "'unsafe-inline'", "http://preview.test"]
- connectsrc = ["'self'"]
+ block-all-mixed-content = ""
+ child-src = ["'self'"]
+ connect-src = ["'self'"]
+ default-src = ["'self'"]
+ font-src = ["'self'"]
+ form-action = ["'self'", "lite.duckduckgo.com"]
+ frame-src = ["'self'", "imgur.com", "www.youtube-nocookie.com", "platform.twitter.com", "en.m.wikipedia.org", "odysee.com", "docs.google.com"]
+ img-src = ["'self'", "http://preview.test", "imgs.xkcd.com"]
+ manifest-src = ["'self'"]
+ media-src = ["'self'", "raw.githubusercontent.com", "i.imgur.com"]
+ object-src = ["'none'"]
+ prefetch-src = ["'self'"]
+ script-src-elem = ["'self'", "s.imgur.com", "platform.twitter.com"]
+ script-src = ["'self'", "s.imgur.com", "platform.twitter.com"]
+ style-src = ["'self'", "'unsafe-inline'", "http://preview.test"]
+ worker-src = ["'self'"]
 [params.search]
-- 
cgit v1.2.3
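Review bot: The new `block-all-mixed-content = ""` entry in `[params.csp]` sits beside `http://preview.test` in both `img-src` and `style-src`, so on an HTTPS deployment those two sources can never load, and the directive itself is deprecated in favour of `upgrade-insecure-requests`. If `preview.test` is only a local preview host, it is better kept out of the shipped policy than left as a plaintext origin for styles next to `'unsafe-inline'`. Separately, the added `default-src` is not a fallback for `base-uri`, so a line such as `base-uri = ["'self'"]` would cover the gap left beside `script-src 'self'`. The template that serializes these keys is not part of this diff, so how an empty-string value is emitted (as opposed to the arrays used everywhere else) should be confirmed there and noted in a comment above the key.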