about summary refs log tree commit diff stats
path: root/templates
diff options
context:
space:
mode:
authorAlan Pearce2023-09-02 10:38:26 +0200
committerAlan Pearce2023-09-02 10:52:21 +0200
commitd69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe (patch)
tree885910a674ed0008902d6a751c2f722ed18d5572 /templates
parent1706ade7a4d2161072028aa37dc0af574853a56f (diff)
downloadzola-bearblog-d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe.tar.lz
zola-bearblog-d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe.tar.zst
zola-bearblog-d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe.zip
Add content-security-policy header-equivalent meta tag
Diffstat (limited to 'templates')
-rw-r--r--templates/base.html1
-rw-r--r--templates/security_tags.html2
2 files changed, 3 insertions, 0 deletions
diff --git a/templates/base.html b/templates/base.html
index 4ba8442..02fdfe6 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html lang="{{ lang | default(value="en-US" ) }}">
 <head>
+  {% include "security_tags.html" ignore missing %}
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   {% include "favicon.html" ignore missing -%}
diff --git a/templates/security_tags.html b/templates/security_tags.html
new file mode 100644
index 0000000..721d511
--- /dev/null
+++ b/templates/security_tags.html
@@ -0,0 +1,2 @@
+<!-- These tags are here for demostration. It's recommended to send them via HTTP headers instead. -->
+<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'">