From 349b22790a929bc0750bd7b242a211b650867c28 Mon Sep 17 00:00:00 2001 From: Poolitzer Date: Thu, 27 Nov 2025 17:26:03 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(CSP):=20Add=20cdn.jsdelivr.n?= =?UTF-8?q?et=20back=20to=20media-src?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was needed after all --- config.toml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config.toml b/config.toml index 0ff3e992..de1b954f 100644 --- a/config.toml +++ b/config.toml @@ -171,6 +171,7 @@ post_listing_date = "date" # Enable iine like buttons on all posts: https://iine.to/ # Can be set at page or section levels, following the hierarchy: page > section > config. See: https://welpo.github.io/tabi/blog/mastering-tabi-settings/#settings-hierarchy +# Note: Needs "https://cdn.jsdelivr.net/" at the directive = "script-src" for CSP iine = true iine_icon = "thumbs_up" # See https://iine.to/#customise # Unify like counts across all language versions of the same page. @@ -352,10 +353,11 @@ footer_menu = [ # Default config, allows for https remote images and embedding YouTube and Vimeo content. # This configuration (along with the right webserver settings) gets an A+ in Mozilla's Observatory: https://observatory.mozilla.org # Note: to use a Zola built-in syntax highlighting theme, allow unsafe-inline for style-src. +# Note: cdn.jsdelivr.net/ is used in this deployment to show a video as well as load iine allowed_domains = [ { directive = "font-src", domains = ["'self'", "data:"] }, { directive = "img-src", domains = ["'self'", "https://*", "data:"] }, - { directive = "media-src", domains = ["'self'"] }, + { directive = "media-src", domains = ["'self'", "https://cdn.jsdelivr.net/"] }, { directive = "script-src", domains = ["'self'", "https://cdn.jsdelivr.net/"] }, { directive = "style-src", domains = ["'self'"] }, { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] },