make Content-Security-Policy stricter
2 files changed, 10 insertions(+), 4 deletions(-)
changed files
M config.toml → config.toml
@@ -18,16 +18,22 @@ [content-security-policy] default-src = [ "'none'", ] + form-action = [ + "'none'", + ] + base-uri = [ + "'none'", + ] image-src = [ "'self'", - "http://gc.zgo.at", + "https://gc.zgo.at", ] script-src = [ "'self'", - "http://gc.zgo.at", + "https://gc.zgo.at", ] style-src = [ - "'unsafe-inline'", + "'sha256-+7qCR9+91EXRy0dbbyuh8KDyQUJwTewM/EPr4b/IKoE='", ] frame-ancestors = [ "https://kagi.com",
M templates/count.html → templates/count.html
@@ -1,6 +1,6 @@ <body> <script data-goatcounter="https://alanpearce-eu.goatcounter.com/count" - async src="//gc.zgo.at/count.v4.js" crossorigin="anonymous" + async src="https://gc.zgo.at/count.v4.js" crossorigin="anonymous" integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script> <noscript> <img src="https://alanpearce-eu.goatcounter.com/count?p=/updated-in-template.go" />