diff options
author | Alan Pearce | 2023-09-02 10:38:26 +0200 |
---|---|---|
committer | Alan Pearce | 2023-09-02 10:52:21 +0200 |
commit | d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe (patch) | |
tree | 885910a674ed0008902d6a751c2f722ed18d5572 /templates/security_tags.html | |
parent | 1706ade7a4d2161072028aa37dc0af574853a56f (diff) | |
download | zola-bearblog-d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe.tar.lz zola-bearblog-d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe.tar.zst zola-bearblog-d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe.zip |
Add content-security-policy header-equivalent meta tag
Diffstat (limited to 'templates/security_tags.html')
-rw-r--r-- | templates/security_tags.html | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/templates/security_tags.html b/templates/security_tags.html new file mode 100644 index 0000000..721d511 --- /dev/null +++ b/templates/security_tags.html @@ -0,0 +1,2 @@ +<!-- These tags are here for demostration. It's recommended to send them via HTTP headers instead. --> +<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"> |