skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Standards recommend we use HTTP headers for our CSP

Browse source 
Let's do that.
This commit is contained in:
justcool393 2023-07-27 21:50:38 -05:00 committed by Ben Rog-Wilhelm
parent 614d94652c
commit 2f0ed92318
7 changed files with 16 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

10
files/templates/chat.html
View file

@ -1,16 +1,10 @@
<!DOCTYPE html>
<html lang="en">
<head>
{% include "analytics.html" %}
<meta name="description" content="{{config('DESCRIPTION')}}">
{% include "csp.html" %}
<meta charset="utf-8">
{% include "analytics.html" %}
<meta name="description" content="{{config('DESCRIPTION')}}">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="author" content="">
<link id="favicon" rel="icon" type="image/png" href="{{ ('images/'~SITE_ID~'/icon.webp') | asset }}">
<title>Chat</title>

1
files/templates/csp.html
View file

@ -1 +0,0 @@
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.analytics.google.com; object-src 'none'; img-src 'self' *.google-analytics.com *.analytics.google.com">

3
files/templates/default.html
View file

@ -3,11 +3,8 @@
<html lang="en">
<head>
{% include "analytics.html" %}
<link rel="alternate" type="application/rss+xml" title="The Motte RSS" href="/rss">
<meta name="description" content="{{config('DESCRIPTION')}}">
{% include "csp.html" %}
<script src="{{ 'js/bootstrap.js' | asset }}"></script>
<script src="{{ 'js/micromodal.js' | asset }}"></script>
{% if v %}

1
files/templates/login/authforms.html
View file

@ -3,7 +3,6 @@
<head>
<meta charset="utf-8">
{% include "analytics.html" %}
{% include "csp.html" %}
<meta name="description" content="{{config('DESCRIPTION')}}">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>{% block pagetitle %}{{SITE_TITLE}}{% endblock %}</title>

6
files/templates/settings.html
View file

@ -2,18 +2,14 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
{% include "analytics.html" %}
<meta name="description" content="{{config('DESCRIPTION')}}">
{% include "csp.html" %}
<script src="{{ 'js/bootstrap.js' | asset }}"></script>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="author" content="">
<link rel="icon" type="image/png" href="{{ ('images/'~SITE_ID~'/icon.webp') | asset }}">
<title>{% block pagetitle %}Settings - {{SITE_TITLE}}{% endblock %}</title>

8
files/templates/submit.html
View file

@ -2,19 +2,13 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
{% include "analytics.html" %}
<meta name="description" content="{{config('DESCRIPTION')}}">
{% include "csp.html" %}
<script src="{{ 'js/bootstrap.js' | asset }}"></script>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="author" content="">
<link rel="icon" type="image/png" href="{{ ('images/'~SITE_ID~'/icon.webp') | asset }}">
{% block title %}
<title>Create a post - {{SITE_TITLE}}</title>
{% endblock %}