all repos — zola-bearblog @ d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe

Port of bear blog theme to zola

Add content-security-policy header-equivalent meta tag

Alan Pearce
commit

d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe

parent

1706ade7a4d2161072028aa37dc0af574853a56f

2 files changed, 3 insertions(+), 0 deletions(-)

jump to
M templates/base.htmltemplates/base.html
@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html lang="{{ lang | default(value="en-US" ) }}">
 <head>
+  {% include "security_tags.html" ignore missing %}
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   {% include "favicon.html" ignore missing -%}
A templates/security_tags.html
@@ -0,0 +1,2 @@
+<!-- These tags are here for demostration. It's recommended to send them via HTTP headers instead. -->
+<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'">