authorAlan Pearce2024-04-27 21:18:03 +0200
committerAlan Pearce2025-03-16 00:56:49 +0100
commit6993154ea89c56798cda9b3b114289807ccbc4f1 (patch)
treeb44c63771ad00933fb743da9c5fd48c3990c7915 /config.toml
parenta4aafcbee5e06b8138e3b6ee8a88bb0fdd5b88db (diff)
use a table to configure CSP headers
Diffstat (limited to 'config.toml')
-rw-r--r--config.toml35
1 files changed, 34 insertions, 1 deletions
diff --git a/config.toml b/config.toml
index 17f3fb0..056353c 100644
--- a/config.toml
+++ b/config.toml
@@ -15,10 +15,43 @@ name = "tags"
 feed = true
 
 
+[content-security-policy]
+default-src = [
+  "'none'",
+]
+form-action = [
+  "'none'",
+]
+base-uri = [
+  "'none'",
+]
+image-src = [
+  "'self'",
+  "https://gc.zgo.at",
+]
+script-src = [
+  "'self'",
+  "https://gc.zgo.at",
+]
+style-src = [
+  # index.html style
+  "'sha256-a4TPKWHB0aSu7cV10GthTEySTJ0w4r0bw6Q8JsNYMbk='",
+  # atom.xml style
+  "'sha256-gyxzfgCOxeAAL8URUdaW2nHYDOr9bzbwFjgSqi7D+8U='",
+]
+frame-ancestors = [
+  "https://kagi.com",
+]
+connect-src = [
+  "https://alanpearce-eu.goatcounter.com/count",
+]
+require-trusted-types-for = [
+  "'script'",
+]
+
 [extra.headers]
 cache-control = "max-age=14400"
 x-content-type-options = "nosniff"
-content-security-policy = "default-src 'none'; img-src 'self' https://gc.zgo.at; script-src 'self' https://gc.zgo.at; style-src 'unsafe-inline'; frame-ancestors https://kagi.com; connect-src https://alanpearce-eu.goatcounter.com/count; require-trusted-types-for 'script'"
 
 [[menus.main]]
     name = "Home"
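Review bot: The new table spells the image directive `image-src` (the `image-src = [` entry), while the header string it replaces used `img-src`, which is the directive name browsers recognise. Unless the loader maps this key to `img-src` when it builds the header (that code is not visible in this hunk), the directive would be ignored and images would fall back to `default-src 'none'`; renaming the key to `img-src` or confirming the mapping would settle it. The two `style-src` hashes also pin the exact inline style text, so a comment such as `# regenerate these hashes whenever the inline style in index.html or atom.xml changes` would help the next editor avoid silently blocked styles.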