Eric Liu
5b0d9a761d
All checks were successful
Hugo Publish CI / build-and-deploy (push) Successful in 22s
13 lines
844 B
HTML
13 lines
844 B
HTML
<!-- CSP OVERRIDE ACTIVE -->
|
|
{{ $policy := "default-src 'self';" }}
|
|
{{ if not hugo.IsServer }}
|
|
{{ $policy = "upgrade-insecure-requests; block-all-mixed-content; default-src 'self';" }}
|
|
{{ end }}
|
|
{{ $scriptsrc := printf "%s https://unpkg.com" (delimit .Site.Params.csp.scriptsrc " ") }}
|
|
{{ printf `
|
|
<meta http-equiv="Content-Security-Policy"
|
|
content="%s child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; connect-src %s;">
|
|
` $policy (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit
|
|
.Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit
|
|
.Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") $scriptsrc (delimit .Site.Params.csp.connectsrc
|
|
" ") | safeHTML }} |