use a table to configure CSP headers
1 file changed, 34 insertions(+), 1 deletion(-)
jump to
M config.toml → config.toml
@@ -15,10 +15,43 @@ name = "tags" feed = true +[content-security-policy] +default-src = [ + "'none'", +] +form-action = [ + "'none'", +] +base-uri = [ + "'none'", +] +image-src = [ + "'self'", + "https://gc.zgo.at", +] +script-src = [ + "'self'", + "https://gc.zgo.at", +] +style-src = [ + # index.html style + "'sha256-a4TPKWHB0aSu7cV10GthTEySTJ0w4r0bw6Q8JsNYMbk='", + # atom.xml style + "'sha256-gyxzfgCOxeAAL8URUdaW2nHYDOr9bzbwFjgSqi7D+8U='", +] +frame-ancestors = [ + "https://kagi.com", +] +connect-src = [ + "https://alanpearce-eu.goatcounter.com/count", +] +require-trusted-types-for = [ + "'script'", +] + [extra.headers] cache-control = "max-age=14400" x-content-type-options = "nosniff" -content-security-policy = "default-src 'none'; img-src 'self' https://gc.zgo.at; script-src 'self' https://gc.zgo.at; style-src 'unsafe-inline'; frame-ancestors https://kagi.com; connect-src https://alanpearce-eu.goatcounter.com/count; require-trusted-types-for 'script'" [[menus.main]] name = "Home"