Remove prefetch-src. (#883)
### Prerequisites
- [x] This pull request fixes a bug.
- [ ] This pull request adds a feature.
- [ ] This pull request introduces breaking change.
### Description
Removes `(delimit .Site.Params.csp.prefetchsrc " ")` from
`layouts/partials/csp.html`.
### Issues Resolved
#881
### Checklist
#### General
- [x] Describe what changes are being made
- [x] Explain why and how the changes were necessary and implemented
respectively
- [x] Reference issue with `#<ISSUE_NO>` if applicable
#### Resources
- [ ] If you have changed any SCSS code, run `make release` to
regenerate all CSS files
#### Contributors
- [x] Add yourself to `CONTRIBUTORS.md` if you aren't on it already
| | |
| | | | objectsrc | string list | Yes | | `["'self'"]` | |
| | | | stylesrc | string list | Yes | | `["'self'"]` | |
| | | | scriptsrc | string list | Yes | | `["'self'"]` | |
| | | | prefetchsrc | string list | Yes | | `["'self'"]` | |
| | | | connectsrc | string list | Yes | | `["'self'"]` | |
| | | |
| | | An example: |
| | | |
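Review bot: the `prefetchsrc` row in this parameter table is dropped without a note for sites that already set the key, so an existing `prefetchsrc = ["'self'"]` entry under the `csp` params will stay in their config while `layouts/partials/csp.html` no longer reads it. Suggest adding one line to the docs or changelog stating that `prefetchsrc` is no longer used and can be deleted, so nobody assumes the value still ends up in the emitted policy.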
| | |
| | | "'unsafe-inline'", |
| | | "https://www.google-analytics.com" |
| | | ] |
| | | prefetchsrc = ["'self'"] |
| | | # connect-src directive – defines valid targets for XMLHttpRequest (AJAX), WebSockets or EventSource |
| | | connectsrc = ["'self'"] |
| | | ``` |
| | | |
| | | ## Complete Example |
| | |
| | | {{ printf `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; prefetch-src %s; connect-src %s;">` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.prefetchsrc " ") (delimit .Site.Params.csp.connectsrc " ") | safeHTML }} |
| | | {{ printf `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; connect-src %s;">` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.connectsrc " ") | safeHTML }} |
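Review bot: the `printf` in `layouts/partials/csp.html` ties each `%s` to its `delimit` argument by position only, so any removal like this one has to take out the placeholder and the argument together. In the new line the counts do match (nine `%s`, nine `delimit` calls, ending with `connect-src %s` and `.Site.Params.csp.connectsrc`), but a future edit that drops only one side would shift every later source list into the wrong directive without any build error. Suggest building the policy one directive at a time (directive name next to its param) instead of one long format string, or at least adding a template comment that lists the expected directive order.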