author | Alan Pearce | 2023-09-02 10:38:26 +0200 |
---|---|---|
committer | Alan Pearce | 2023-09-02 10:52:21 +0200 |
commit | d69e95a01c254ed616b0c4e5a1f8bfdcec7b00fe (patch) | |
tree | 885910a674ed0008902d6a751c2f722ed18d5572 /templates | |
parent | 1706ade7a4d2161072028aa37dc0af574853a56f (diff) | |
Add content-security-policy header-equivalent meta tag
Diffstat (limited to 'templates')
-rw-r--r-- | templates/base.html | 1 | ||||
-rw-r--r-- | templates/security_tags.html | 2 |
2 files changed, 3 insertions, 0 deletions
diff --git a/templates/base.html b/templates/base.html
index 4ba8442..02fdfe6 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html lang="{{ lang | default(value="en-US" ) }}">
 <head>
+ {% include "security_tags.html" ignore missing %}
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 {% include "favicon.html" ignore missing -%}
diff --git a/templates/security_tags.html b/templates/security_tags.html
new file mode 100644
index 0000000..721d511
--- /dev/null
+++ b/templates/security_tags.html
@@ -0,0 +1,2 @@
+<!-- These tags are here for demostration. It's recommended to send them via HTTP headers instead. -->
+<meta http-equiv="Content-Security-Policy" content="default-src 'none'; img-src 'self'; object-src 'none'; script-src 'none'; style-src 'unsafe-inline'; frame-ancestors 'none'"> |
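Review bot: The include added right after `<head>` in templates/base.html pushes `<meta charset="utf-8">` further into the document, and the charset declaration is only honoured within the first 1024 bytes. The shipped security_tags.html is short enough, but a site that overrides it with a longer policy could cross that limit without noticing. Keeping the policy first is correct, since a meta-delivered policy only governs content parsed after it, so I would record both constraints in a template comment such as `{# keep first in <head> so the policy covers everything after it; keep the include short so <meta charset> stays inside the first 1024 bytes #}`. The `<head>` element continues outside the hunk.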
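Review bot: `frame-ancestors 'none'` in the new `<meta http-equiv>` of templates/security_tags.html has no effect, because browsers ignore `frame-ancestors` (like `report-uri` and `sandbox`) when the policy arrives through a meta element. Pages built from this theme therefore stay frameable unless the server also sends the header. Either drop the directive or state the limit in the comment, e.g. `<!-- Demonstration only: frame-ancestors is ignored in a meta tag; send the policy as an HTTP header to get framing protection. -->`, which also fixes the "demostration" typo. `base-uri` and `form-action` do not fall back to `default-src`, so adding `base-uri 'none'; form-action 'none'` would cover them, assuming the theme submits no forms. `object-src 'none'` and `script-src 'none'` are already implied by `default-src 'none'`.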