
refactor(feature/csp): add worker-src for csp

Also update the CSP directives so the miner used on the docs site can run.
pull/149/head
Josh Habdas 1 year ago
parent
commit
cfd4e5f680
Signed by: jhabdas GPG Key ID: B148B31154C75A74
3 changed files with 16 additions and 1 deletions
  1. +11
    -0
      docs/config.toml
  2. +1
    -0
      docs/content/feature/content-security-policy.md
  3. +4
    -1
      layouts/partials/meta/content-security-policy.html

+ 11
- 0
docs/config.toml View File

@ -40,16 +40,27 @@ footnoteReturnLinkContents = "↩" # Provides a nicer footnote return link
hidden = false # Optional, set false or remove to show section menu
[params.security.csp.directives]
workerSrc = [
"'self'",
"blob:"
]
connectSrc = [
"'self'",
"wss:",
"data:"
]
mediaSrc = [
"https://jhabdas.keybase.pub"
]
scriptSrc = [
"'self'",
"'unsafe-inline'",
"'unsafe-eval'",
"https:",
"'sha512-Jx/MqTxYWqHdoOkHItRJJZCvFDhERPr5gG4I5ESu3V+BgQyAQ6wXfdsGzhzmT0yyvkAWz2jbrn81q90RRJTSTg=='",
"'sha512-hno7WeTIciCJSjg/myjyK30HYkrcGCVwo4g4SpUalvrs3r2lS7bPNIQwbCNypKbg7BZ1sA4AsGnk6Gq4NOKpGA=='",
"'sha512-ISTAV0GadOIz/NXXHOS+eCM0ysXVVHhQTlvA6LJxz/DeA5yIxm0Vqf5IE+WH0yuuXkayAKtoZkQ326nch5f/fg=='",
"'sha512-VcgUV40yC63NPTwc43S34Yr3YnyVURl4rAQvU7+FMe1xF9StT5IVQWQPkE4KAH7NlQfb4Dy/ivf0Y5g7trYVdA=='",
"'strict-dynamic'"
]
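Review bot: `"wss:"` in connectSrc is a bare scheme-source, so any script running on the page may open a TLS WebSocket to any host, not just the miner's pool; if the pool endpoint is fixed, list it as a host-source (`"wss://<pool-host>"`) rather than the scheme. `"data:"` in connect-src is rarely needed by fetch/XHR and deserves a comment saying what consumes it, or removal if nothing does. Note that scriptSrc in the same hunk still carries `'unsafe-eval'`, which browsers honour even alongside `'strict-dynamic'`, so the narrower worker-src/connect-src entries bound where a worker or socket may go but not what script can execute; whether that scriptSrc line is new or pre-existing is not visible on this page. A why-comment above the new block, e.g. `# blob: lets the miner spawn its worker from an in-page Blob URL`, would record why the documented default of `'self'` was widened.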

+ 1
- 0
docs/content/feature/content-security-policy.md View File

@ -54,6 +54,7 @@ Directive | Mapping | Advanced Default
--- | --- | ---
default-src | defaultSrc | 'none'
connect-src | connectSrc | 'self'
worker-src | workerSrc | 'self'
font-src | fontSrc | 'self'
media-src | mediaSrc | 'self'
img-src | imgSrc | 'self' data:

+ 4
- 1
layouts/partials/meta/content-security-policy.html View File

@ -10,6 +10,9 @@
{{ else }} 'none'{{ end }};connect-src{{ if $site_directives.connectsrc }}
{{- range $site_directives.connectsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.connectsrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self'{{ end }};worker-src{{ if $site_directives.workersrc }}
{{- range $site_directives.workersrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.workersrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self'{{ end }};font-src{{ if $site_directives.fontsrc }}
{{- range $site_directives.fontsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.fontsrc }} {{ . | safeHTML }}{{ end -}}
@ -34,5 +37,5 @@
{{ else }} 'none'{{ end }};">
{{ end }}
{{ else if not $is_disabled }}
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; connect-src 'self' wss: data:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'">
{{ end }}
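Review bot: The fallback `<meta>` in the second hunk now grants `worker-src 'self' blob:` and `connect-src 'self' wss: data:` to every site that uses this theme without configuring directives, although the commit message ties those allowances to the miner on the docs site only. Keeping the fallback at `worker-src 'self'; connect-src 'self'` and carrying `blob:`/`wss:`/`data:` in docs/config.toml alone preserves a least-privilege default for other users. The new worker-src block in the first hunk mirrors the connect-src block, including `safeHTML`, which writes directive values into the attribute unescaped; that is acceptable for author-controlled config, but a `"` in a value would terminate the attribute, so a short comment stating that directive values are trusted verbatim would help the next maintainer. The enclosing `{{ if }}` chain begins before the first hunk.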
