blob: a369069819bca81728c363cad48189cd51bb58e0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
{{ $upgrade := "" }}
{{ if .Site.Params.csp.upgrade }}
{{ $upgrade = "upgrade-insecure-requests;" }}
{{- end -}}
<base href="{{ .Site.BaseURL }}">
<meta name="referrer" content="{{ .Site.Params.csp.referrer }}">
{{ printf `
<meta
http-equiv="Content-Security-Policy"
content="
%s
block-all-mixed-content;
default-src 'self';
child-src %s;
connect-src %s;
font-src %s;
form-action %s;
frame-src %s;
img-src %s;
media-src %s;
object-src %s;
prefetch-src %s;
script-src %s;
script-src-elem %s;
style-src %s;
">`
($upgrade)
(delimit .Site.Params.csp.childsrc " ")
(delimit .Site.Params.csp.connectsrc " ")
(delimit .Site.Params.csp.fontsrc " ")
(delimit .Site.Params.csp.formaction " ")
(delimit .Site.Params.csp.framesrc " ")
(delimit .Site.Params.csp.imgsrc " ")
(delimit .Site.Params.csp.mediasrc " ")
(delimit .Site.Params.csp.objectsrc " ")
(delimit .Site.Params.csp.prefetchsrc " ")
(delimit .Site.Params.csp.scriptsrc " ")
(delimit .Site.Params.csp.scriptsrcelem " ")
(delimit .Site.Params.csp.stylesrc " ")
| safeHTML }}
|