eric/ericxliu-me
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add Content Security Policy, enhance author information display with TypeIt animation, and include an RSS social link.
All checks were successful
Hugo Publish CI / build-and-deploy (push) Successful in 22s
Details

Browse Source
This commit is contained in:
Eric X. Liu
2025-12-20 10:59:32 -08:00
parent f374adac0c
commit 5b0d9a761d
3 changed files with 75 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
config.toml
View File

@@ -12,6 +12,12 @@ enableTwemoji = true
enableGitInfo = true enableGitInfo = true
enableRobotsTXT = true enableRobotsTXT = true
[taxonomies]
category = "categories"
series = "series"
tag = "tags"
author = "authors"
# Disqus comments configuration # Disqus comments configuration
[services] [services]
[services.disqus] [services.disqus]
@@ -85,7 +91,7 @@ style = "github-dark"
[params] # theme parameters [params] # theme parameters
author = "Eric X. Liu" author = "Eric X. Liu"
info = "Software & Performance Engineer @Google" info = ["Software & Performance Engineer @Google", "Open Source Contributor", "Tech Enthusiast"]
description = "Eric X. Liu - Software & Performance Engineer at Google. Sharing insights about software engineering, performance optimization, tech industry experiences, mountain biking adventures, Jeep overlanding, and outdoor activities." description = "Eric X. Liu - Software & Performance Engineer at Google. Sharing insights about software engineering, performance optimization, tech industry experiences, mountain biking adventures, Jeep overlanding, and outdoor activities."
keywords = "software engineer, performance engineering, Google engineer, tech blog, software development, performance optimization, Eric Liu, engineering blog, mountain biking, Jeep enthusiast, overlanding, camping, outdoor adventures" keywords = "software engineer, performance engineering, Google engineer, tech blog, software development, performance optimization, Eric Liu, engineering blog, mountain biking, Jeep enthusiast, overlanding, camping, outdoor adventures"
avatarurl = "images/gravatar.png" avatarurl = "images/gravatar.png"
@@ -143,6 +149,33 @@ style = "github-dark"
filename = "sitemap.xml" filename = "sitemap.xml"
priority = 0.5 priority = 0.5
# If you want to implement a Content-Security-Policy, add this section
[params.csp]
childsrc = ["'self'"]
fontsrc = ["'self'", "https://fonts.gstatic.com", "https://cdn.jsdelivr.net/"]
formaction = ["'self'"]
framesrc = ["'self'", "https://www.youtube.com"]
imgsrc = ["'self'"]
objectsrc = ["'none'"]
stylesrc = [
"'self'",
"'unsafe-inline'",
"https://fonts.googleapis.com/",
"https://cdn.jsdelivr.net/",
]
scriptsrc = [
"'self'",
"'unsafe-inline'",
"https://www.google-analytics.com",
"https://cdn.jsdelivr.net/",
"https://pagead2.googlesyndication.com",
"https://static.cloudflareinsights.com",
"https://unpkg.com",
]
prefetchsrc = ["'self'"]
# connect-src directive defines valid targets for to XMLHttpRequest (AJAX), WebSockets or EventSource
connectsrc = ["'self'", "https://www.google-analytics.com", "https://pagead2.googlesyndication.com", "https://cloudflareinsights.com", "ws://localhost:1313", "ws://localhost:*", "wss://localhost:*"]
# Social links # Social links
[[params.social]] [[params.social]]
name = "Git" name = "Git"
@@ -158,6 +191,13 @@ style = "github-dark"
name = "Personal email" name = "Personal email"
icon = "fa fa-envelope fa-2x" icon = "fa fa-envelope fa-2x"
weight = 3 weight = 3
[[params.social]]
name = "RSS"
icon = "fa-solid fa-rss fa-2x"
weight = 6
url = "https://ericxliu.me/index.xml"
rel = "alternate"
type = "application/rss+xml"
# Menu links # Menu links
[languages] [languages]

13
layouts/_partials/csp.html Normal file
View File

@@ -0,0 +1,13 @@
<!-- CSP OVERRIDE ACTIVE -->
{{ $policy := "default-src 'self';" }}
{{ if not hugo.IsServer }}
{{ $policy = "upgrade-insecure-requests; block-all-mixed-content; default-src 'self';" }}
{{ end }}
{{ $scriptsrc := printf "%s https://unpkg.com" (delimit .Site.Params.csp.scriptsrc " ") }}
{{ printf `
<meta http-equiv="Content-Security-Policy"
content="%s child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; connect-src %s;">
` $policy (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit
.Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit
.Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") $scriptsrc (delimit .Site.Params.csp.connectsrc
" ") | safeHTML }}

21
layouts/_partials/home/author.html Normal file
View File

@@ -0,0 +1,21 @@
<h1>{{ .Site.Params.author }}</h1>
{{ if .Site.Params.info }}
<h2 id="typeit-info"></h2>
<script src="https://unpkg.com/typeit@8.7.1/dist/index.umd.js"></script>
<script>
document.addEventListener("DOMContentLoaded", function () {
new TypeIt("#typeit-info", {
strings: {{ .Site.Params.info | jsonify | safeJS }},
speed: 50,
loop: true,
breakLines: false,
nextStringDelay: 2000,
deleteSpeed: 50,
startDelay: 500,
lifeLike: true
}).go();
});
</script>
{{ end }}