From 943d8597b5aa37f3ee23905c5c85e2ca4f0ed455 Mon Sep 17 00:00:00 2001
From: Sammy <sammy.tahtah@gmail.com>
Date: Wed, 24 Jan 2024 14:39:07 +0000
Subject: [PATCH] Remove prefetch-src. (#883)

---
 docs/configurations.md    |    5 +++--
 layouts/partials/csp.html |    2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/configurations.md b/docs/configurations.md
index c6b378a..7300400 100644
--- a/docs/configurations.md
+++ b/docs/configurations.md
@@ -204,7 +204,7 @@
 | objectsrc      | string list | Yes      |             | `["'self'"]`                    |
 | stylesrc       | string list | Yes      |             | `["'self'"]`                    |
 | scriptsrc      | string list | Yes      |             | `["'self'"]`                    |
-| prefetchsrc    | string list | Yes      |             | `["'self'"]`                    |
+| connectsrc     | string list | Yes      |             | `["'self'"]`                    |
 
 An example:
 
@@ -231,7 +231,8 @@
     "'unsafe-inline'",
     "https://www.google-analytics.com"
   ]
-  prefetchsrc = ["'self'"]
+  # connect-src directive – defines valid targets for XMLHttpRequest (AJAX), WebSockets or EventSource
+  connectsrc = ["'self'"]
 ```
 
 ## Complete Example
diff --git a/layouts/partials/csp.html b/layouts/partials/csp.html
index e9238a4..ba6d255 100644
--- a/layouts/partials/csp.html
+++ b/layouts/partials/csp.html
@@ -1 +1 @@
-{{ printf `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; prefetch-src %s; connect-src %s;">` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.prefetchsrc " ") (delimit .Site.Params.csp.connectsrc " ") | safeHTML }}
+{{ printf `<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; child-src %s; font-src %s; form-action %s; frame-src %s; img-src %s; object-src %s; style-src %s; script-src %s; connect-src %s;">` (delimit .Site.Params.csp.childsrc " ") (delimit .Site.Params.csp.fontsrc " ") (delimit .Site.Params.csp.formaction " ") (delimit .Site.Params.csp.framesrc " ") (delimit .Site.Params.csp.imgsrc " ") (delimit .Site.Params.csp.objectsrc " ") (delimit .Site.Params.csp.stylesrc " ") (delimit .Site.Params.csp.scriptsrc " ") (delimit .Site.Params.csp.connectsrc " ") | safeHTML }}
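Review bot: On the new template line, every `csp.*` list is joined with `delimit` and written into the double-quoted `content` attribute through `safeHTML`, so nothing escapes the values. A `"` in any entry would close the attribute early, and a `;` would start an extra directive. These values come from the site configuration, so the practical risk is a mis-edited config silently weakening or breaking the policy rather than attacker input. I would document the constraint next to the partial, e.g. `{{/* csp.* entries are emitted unescaped; use only CSP source expressions, no double quotes or semicolons */}}`. Separately, a site that still sets `prefetchsrc` will now have it ignored with no notice, which deserves a line in the upgrade notes.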

--
Gitblit v1.10.0