eric/ericxliu-me
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5b0d9a761d3cf2b8e301f9e544069ccdd2489ad6
ericxliu-me/layouts/_partials/csp.html
Eric Liu 5b0d9a761d
All checks were successful
Hugo Publish CI / build-and-deploy (push) Successful in 22s
Details
feat: Add Content Security Policy, enhance author information display with TypeIt animation, and include an RSS social link.
2025-12-20 10:59:32 -08:00

13 lines
844 B
HTML
Raw Blame History

<!-- CSP OVERRIDE ACTIVE -->
{{ $policy := "default-src 'self';" }}
{{ if not hugo.IsServer }}
{{ $policy = "upgrade-insecure-requests; block-all-mixed-content; default-src 'self';" }}
{{ end }}
{{ $scriptsrc := printf "%s https://unpkg.com" (delimit .Site.Params.csp.scriptsrc " ") }}
{{ printf `
<meta http-equiv="Content-Security-Policy"
content="%s child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; connect-src %s;">
` $policy (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit
.Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit
.Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") $scriptsrc (delimit .Site.Params.csp.connectsrc
" ") | safeHTML }}
Reference in New Issue View Git Blame Copy Permalink