
make Content-Security-Policy stricter
Alan Pearce alan@alanpearce.eu
Wed, 29 May 2024 17:47:49 +0200
commit

cf38b8d92bde6dd349f286ccfff4a77db9513b50

parent

200701c1bddae4b9a854579ced35cb6aa325ad63

2 files changed, 10 insertions(+), 4 deletions(-)

M config.tomlconfig.toml
@@ -18,16 +18,22 @@ [content-security-policy]
   default-src = [
     "'none'",
   ]
+  form-action = [
+    "'none'",
+  ]
+  base-uri = [
+    "'none'",
+  ]
   image-src = [
     "'self'",
-    "http://gc.zgo.at",
+    "https://gc.zgo.at",
   ]
   script-src = [
     "'self'",
-    "http://gc.zgo.at",
+    "https://gc.zgo.at",
   ]
   style-src = [
-    "'unsafe-inline'",
+    "'sha256-+7qCR9+91EXRy0dbbyuh8KDyQUJwTewM/EPr4b/IKoE='",
   ]
   frame-ancestors = [
     "https://kagi.com",
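Review bot: The new `style-src` hash has no comment saying which inline `<style>` block it covers or how to regenerate it, so any edit to that CSS will stop matching and the page will render unstyled with no visible cause. A comment above it such as `# sha256 of the inline <style> block; regenerate whenever that CSS changes` would help, or the value could be computed at build time; the template holding the style is not visible here. Separately, `script-src` still allows every path on `https://gc.zgo.at`, although the template loads one pinned file, so `"https://gc.zgo.at/count.v4.js"` would be tighter. The `[content-security-policy]` table continues past the hunk, so later directives are not reviewed here.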
M templates/count.htmltemplates/count.html
@@ -1,6 +1,6 @@
 <body>
   <script data-goatcounter="https://alanpearce-eu.goatcounter.com/count"
-        async src="//gc.zgo.at/count.v4.js" crossorigin="anonymous"
+        async src="https://gc.zgo.at/count.v4.js" crossorigin="anonymous"
         integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script>
   <noscript>
     <img src="https://alanpearce-eu.goatcounter.com/count?p=/updated-in-template.go" />
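Review bot: The `<noscript>` image on the last line of this hunk loads from `alanpearce-eu.goatcounter.com`, but the `image-src` list in this commit's config.toml allows only `'self'` and `https://gc.zgo.at`. With `default-src 'none'` the fallback pixel will presumably be blocked unless that host is added somewhere not shown. If counting without JavaScript is intended, add `"https://alanpearce-eu.goatcounter.com"` to `image-src`. It is also worth checking whether the script's own reporting request to the `data-goatcounter` endpoint needs that host in `image-src` or `connect-src`. The `<noscript>` element is closed outside the hunk.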