
Alex Miranda
22.26.2021 edea1118eb7af3a3cb87b5c1524cdd583c468cf9
Adds Content-Security-Policy template to theme (#504)

* feat: added csp.html template to theme head element

* feat: added my name to CONTRIBUTORS

* fix: added conditional logic for templating to stabilize build

* feat: Added CSP section to example config.toml

* fix: updated template logic

* updated contributors to reference website and not github

* fix conflict with contributors, moved csp out of _shared dir

Co-authored-by: Luiz F. A. de Prá <luizdepra@users.noreply.github.com>
3 files modified
1 files added
24 ■■■■■ changed files
CONTRIBUTORS.md 1 ●●●● patch | view | raw | blame | history
exampleSite/config.toml 19 ●●●●● patch | view | raw | blame | history
layouts/_default/baseof.html 3 ●●●●● patch | view | raw | blame | history
layouts/partials/csp.html 1 ●●●● patch | view | raw | blame | history
CONTRIBUTORS.md
@@ -90,3 +90,4 @@
- [JaeSang Yoo](https://github.com/JSYoo5B)
- [Felix](https://github.com/lazyyz)
- [Peter Duchnovsky](https://pduchnovsky.com)
- [Alex Miranda](https://ammiranda.com)
exampleSite/config.toml
@@ -80,6 +80,25 @@
[params.cloudflare]
    token = "token"
# If you want to implement a Content-Security-Policy, add this section
[params.csp]
    childsrc = ["'self'"]
    fontsrc=["'self'",
        "https://fonts.gstatic.com",
        "https://cdn.jsdelivr.net/"]
    formaction = ["'self'"]
    framesrc = ["'self'"]
    imgsrc = ["'self'"]
    objectsrc = ["'none'"]
    stylesrc = ["'self'",
        "'unsafe-inline'",
        "https://fonts.googleapis.com/",
        "https://cdn.jsdelivr.net/"]
    scriptsrc = ["'self'",
        "'unsafe-inline'",
        "https://www.google-analytics.com"]
    prefetchsrc = ["'self'"]
[taxonomies]
  category = "categories"
  series = "series"
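Review bot: `'unsafe-inline'` in `scriptsrc` permits any inline script in the page, so the policy this example ships no longer blocks injected scripts; readers copying it get a CSP that reads as strict but is mostly an allow-list for external resources. Presumably the theme's own inline scripts made it necessary (not visible here), and the example should say so instead of presenting it silently: `# 'unsafe-inline' in scriptsrc defeats CSP's XSS protection; swap it for hashes/nonces once inline scripts are removed`. Since the partial that renders this section prints every directive unconditionally, the leading comment should also state that all nine keys must be present whenever `[params.csp]` is defined. Minor style: `https://cdn.jsdelivr.net/` and `https://fonts.googleapis.com/` are equivalent to the bare hosts, so use one spelling, and `fontsrc=` lacks the spaces around `=` the other keys use.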
layouts/_default/baseof.html
@@ -5,6 +5,9 @@
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="Content-Language" content="{{ .Site.Language.Lang }}">
    {{ if .Site.Params.csp }}
      {{ partial "csp.html" . }}
    {{ end }}
    {{ with .Site.Params.author }}<meta name="author" content="{{ . }}">{{ end }}
    <meta name="description" content="{{ .Description | default (.Summary | default .Site.Params.description ) }}">
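Review bot: The policy is delivered as a `<meta http-equiv>` element and nothing here records what that form cannot do: a meta-delivered CSP ignores `frame-ancestors`, `report-uri`/`report-to` and `sandbox`, and it only applies from the point the parser reaches it, so anything the theme emits earlier in `<head>` is outside the policy. The placement after charset/viewport and before any script or style is correct, and a comment would keep future edits from moving it: `{{/* CSP meta must precede every script/style tag; prefer an HTTP header where the host allows it (frame-ancestors/report-uri do not work via meta) */}}`. The enclosing `<head>` starts before this hunk.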
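--- /dev/null
+++ b/layouts/partials/csp.html
@@ -0,0 +1 @@
+{{ printf `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; prefetch-src %s;">` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.prefetchsrc " ") | safeHTML }}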
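Review bot: All nine directives are passed to `delimit` unconditionally, so a site that defines `[params.csp]` with only some of the keys gets a build failure rather than a shorter policy (Hugo's `delimit` rejects a nil value — confirm against the Hugo version the theme targets), which is exactly what the `{{ if .Site.Params.csp }}` guard in baseof.html appears meant to avoid. Emitting only the directives the user configured, while keeping the hard-coded `default-src 'self'` as the fallback, makes partial configs both buildable and safer, because an omitted directive then inherits `'self'` instead of breaking the build. The sketch below builds the policy from a key→directive map and needs a Hugo version with variable reassignment; directive order is irrelevant to CSP, so `range` over a `dict` is fine. The `'unsafe-inline'` values and `block-all-mixed-content` (deprecated in current browsers) are configuration concerns and are left alone here.
```html
{{- $csp := .Site.Params.csp -}}
{{- $parts := slice "upgrade-insecure-requests" "block-all-mixed-content" "default-src 'self'" -}}
{{- range $key, $directive := dict "childsrc" "child-src" "fontsrc" "font-src" "formaction" "form-action" "framesrc" "frame-src" "imgsrc" "img-src" "objectsrc" "object-src" "stylesrc" "style-src" "scriptsrc" "script-src" "prefetchsrc" "prefetch-src" -}}
  {{- with index $csp $key }}{{ $parts = $parts | append (printf "%s %s" $directive (delimit . " ")) }}{{ end -}}
{{- end -}}
{{ printf `<meta http-equiv="Content-Security-Policy" content="%s;">` (delimit $parts "; ") | safeHTML }}
```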