diff options
| author | Alan Pearce | 2024-05-29 17:47:49 +0200 |
|---|---|---|
| committer | Alan Pearce | 2024-05-29 17:47:49 +0200 |
| commit | cf38b8d92bde6dd349f286ccfff4a77db9513b50 (patch) | |
| tree | 3fb6c8126bc7e17a511ab0eff4aaa6390e4c0c0a | |
| parent | 200701c1bddae4b9a854579ced35cb6aa325ad63 (diff) | |
| download | website-cf38b8d92bde6dd349f286ccfff4a77db9513b50.tar.lz website-cf38b8d92bde6dd349f286ccfff4a77db9513b50.tar.zst website-cf38b8d92bde6dd349f286ccfff4a77db9513b50.zip | |
make Content-Security-Policy stricter
| -rw-r--r-- | config.toml | 12 | ||||
| -rw-r--r-- | templates/count.html | 2 |
2 files changed, 10 insertions, 4 deletions
diff --git a/config.toml b/config.toml index 70ed9f7..9f788e5 100644 --- a/config.toml +++ b/config.toml @@ -18,16 +18,22 @@ oidc_host = "https://id.alanpearce.eu/" default-src = [ "'none'", ] + form-action = [ + "'none'", + ] + base-uri = [ + "'none'", + ] image-src = [ "'self'", - "http://gc.zgo.at", + "https://gc.zgo.at", ] script-src = [ "'self'", - "http://gc.zgo.at", + "https://gc.zgo.at", ] style-src = [ - "'unsafe-inline'", + "'sha256-+7qCR9+91EXRy0dbbyuh8KDyQUJwTewM/EPr4b/IKoE='", ] frame-ancestors = [ "https://kagi.com", diff --git a/templates/count.html b/templates/count.html index 4694cba..46d5ac4 100644 --- a/templates/count.html +++ b/templates/count.html @@ -1,6 +1,6 @@ <body> <script data-goatcounter="https://alanpearce-eu.goatcounter.com/count" - async src="//gc.zgo.at/count.v4.js" crossorigin="anonymous" + async src="https://gc.zgo.at/count.v4.js" crossorigin="anonymous" integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script> <noscript> <img src="https://alanpearce-eu.goatcounter.com/count?p=/updated-in-template.go" /> |