From 5d1753b7c6d60c5eb981a702c8dd73837dbcccee Mon Sep 17 00:00:00 2001
From: tdro <tdro@noreply.example.com>
Date: Thu, 6 Oct 2022 14:18:58 -0400
Subject: themes/default/layouts/partials/base-head: Crudely serialize policy

To add new rules without changing source code. Allow setting
robots meta tag.
---
 config.yaml | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

(limited to 'config.yaml')

diff --git a/config.yaml b/config.yaml
index b14283e..d135044 100644
--- a/config.yaml
+++ b/config.yaml
@@ -77,7 +77,9 @@ markup:
 params:
   site:
     production: false
+    referrer: no-referrer
     refresh:
+    robots: index,follow
   webmanifest:
     name: Micro Blog
     shortName: Micro
@@ -86,21 +88,23 @@ params:
     display: standalone
     logo: data/media/logo.png
   csp:
-    upgrade: false
-    referrer: no-referrer
-    childsrc: ["'self'"]
-    fontsrc: ["'self'"]
-    formaction: ["'self'", lite.duckduckgo.com]
-    framesrc: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
+    block-all-mixed-content: ''
+    child-src: ["'self'"]
+    connect-src: ["'self'"]
+    default-src: ["'self'"]
+    font-src: ["'self'"]
+    form-action: ["'self'", lite.duckduckgo.com]
+    frame-src: ["'self'", imgur.com, www.youtube-nocookie.com, platform.twitter.com,
       en.m.wikipedia.org, odysee.com, docs.google.com]
-    imgsrc: ["'self'", http://preview.test, imgs.xkcd.com]
-    mediasrc: ["'self'", raw.githubusercontent.com, i.imgur.com]
-    objectsrc: ["'none'"]
-    prefetchsrc: ["'self'"]
-    scriptsrc: ["'self'", s.imgur.com, platform.twitter.com]
-    scriptsrcelem: ["'self'", s.imgur.com, platform.twitter.com]
-    stylesrc: ["'self'", "'unsafe-inline'", http://preview.test]
-    connectsrc: ["'self'"]
+    img-src: ["'self'", http://preview.test, imgs.xkcd.com]
+    manifest-src: ["'self'"]
+    media-src: ["'self'", raw.githubusercontent.com, i.imgur.com]
+    object-src: ["'none'"]
+    prefetch-src: ["'self'"]
+    script-src-elem: ["'self'", s.imgur.com, platform.twitter.com]
+    script-src: ["'self'", s.imgur.com, platform.twitter.com]
+    style-src: ["'self'", "'unsafe-inline'", http://preview.test]
+    worker-src: ["'self'"]
   search:
     verification:
       google:
-- 
cgit v1.2.3