eric/ericxliu-me
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Disqus domains to CSP framesrc, imgsrc, and connectsrc directives
All checks were successful
Hugo Publish CI / build-and-deploy (push) Successful in 38s
Details

Browse Source
This commit is contained in:
Eric X. Liu
2025-12-27 14:31:26 -08:00
parent 9ffc2bb9a7
commit 30f639d3c2
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config.toml
View File

@@ -154,8 +154,8 @@ style = "github-dark"
childsrc = ["'self'"]
fontsrc = ["'self'", "https://fonts.gstatic.com", "https://cdn.jsdelivr.net/"]
formaction = ["'self'"]
framesrc = ["'self'", "https://www.youtube.com"]
imgsrc = ["'self'"]
framesrc = ["'self'", "https://www.youtube.com", "https://disqus.com"]
imgsrc = ["'self'", "https://referrer.disqus.com", "https://c.disquscdn.com", "https://*.disqus.com"]
objectsrc = ["'none'"]
stylesrc = [
"'self'",
@@ -178,7 +178,7 @@ scriptsrc = [
]
prefetchsrc = ["'self'"]
# connect-src directive defines valid targets for to XMLHttpRequest (AJAX), WebSockets or EventSource
connectsrc = ["'self'", "https://www.google-analytics.com", "https://pagead2.googlesyndication.com", "https://cloudflareinsights.com", "ws://localhost:1313", "ws://localhost:*", "wss://localhost:*"]
connectsrc = ["'self'", "https://www.google-analytics.com", "https://pagead2.googlesyndication.com", "https://cloudflareinsights.com", "ws://localhost:1313", "ws://localhost:*", "wss://localhost:*", "https://links.services.disqus.com", "https://*.disqus.com"]
# Social links
[[params.social]]