yigitcolakoglu
/
fr1nge.xyz
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
1 Branch
8.0 MiB
 
 
 
 
 
Tree: 5e5bc8ce81
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5e5bc8ce81'
${ noResults }
fr1nge.xyz/themes/after-dark/layouts/partials/meta/content-security-policy.html

60 lines
3.7 KiB
Raw Blame History

{{/*
Copyright (C) 2019 Josh Habdas <jhabdas@protonmail.com>
This file is part of After Dark.
After Dark is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
After Dark is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ -}}
{{ $is_disabled := .Param "disable_csp" }}
{{ $site_directives := .Site.Params.security.csp.directives }}
{{ if and $site_directives (ne $is_disabled true) }}
{{ if ge (len $site_directives) 1 }}
<meta
http-equiv="Content-Security-Policy"
content="default-src{{ if $site_directives.defaultsrc }}
{{- range $site_directives.defaultsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.defaultsrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'none'{{ end }};connect-src{{ if $site_directives.connectsrc }}
{{- range $site_directives.connectsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.connectsrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self'{{ end }};worker-src{{ if $site_directives.workersrc }}
{{- range $site_directives.workersrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.workersrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self'{{ end }};font-src{{ if $site_directives.fontsrc }}
{{- range $site_directives.fontsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.fontsrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self'{{ end }};media-src{{ if $site_directives.mediasrc }}
{{- range $site_directives.mediasrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.mediasrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self'{{ end }};img-src{{ if $site_directives.imgsrc }}
{{- range $site_directives.imgsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.imgsrc }} {{ . | safeHTML }}{{ end -}}
{{ else }} 'self' data:{{ end }};script-src{{ if $site_directives.scriptsrc }}
{{- range $site_directives.scriptsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.scriptsrc }} {{ . | safeHTML }} {{ end -}}
{{ else }} 'none'{{ end }};style-src{{ if $site_directives.stylesrc }}
{{- range $site_directives.stylesrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.stylesrc }} {{ . | safeHTML }} {{ end -}}
{{ else }} 'self' 'unsafe-inline'{{ end }};frame-src{{ if $site_directives.framesrc }}
{{- range $site_directives.framesrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.framesrc }} {{ . | safeHTML }} {{ end -}}
{{ else }} 'self'{{ end }};object-src{{ if $site_directives.objectsrc }}
{{- range $site_directives.objectsrc }} {{ . | safeHTML }}{{ end -}}
{{- range .Params.security.csp.directives.objectsrc }} {{ . | safeHTML }} {{ end -}}
{{ else }} 'none'{{ end }};">
{{ end }}
{{ else if not $is_disabled }}
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; connect-src 'self' wss: data:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'">
{{ end }}