deepStateMirrors/tabi
1
0
Fork 1
mirror of https://github.com/welpo/tabi.git synced 2025-12-14 11:48:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

🐛 fix(CSP): Add cdn.jsdelivr.net back to media-src

Browse source 
This was needed after all
This commit is contained in:
Poolitzer 2025-11-27 17:26:03 +01:00 committed by GitHub
parent e48088626e
commit 349b22790a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config.toml
View file

@ -171,6 +171,7 @@ post_listing_date = "date"
# Enable iine like buttons on all posts: https://iine.to/ # Enable iine like buttons on all posts: https://iine.to/
# Can be set at page or section levels, following the hierarchy: page > section > config. See: https://welpo.github.io/tabi/blog/mastering-tabi-settings/#settings-hierarchy # Can be set at page or section levels, following the hierarchy: page > section > config. See: https://welpo.github.io/tabi/blog/mastering-tabi-settings/#settings-hierarchy
# Note: Needs "https://cdn.jsdelivr.net/" at the directive = "script-src" for CSP
iine = true iine = true
iine_icon = "thumbs_up" # See https://iine.to/#customise iine_icon = "thumbs_up" # See https://iine.to/#customise
# Unify like counts across all language versions of the same page. # Unify like counts across all language versions of the same page.
@ -352,10 +353,11 @@ footer_menu = [
# Default config, allows for https remote images and embedding YouTube and Vimeo content. # Default config, allows for https remote images and embedding YouTube and Vimeo content.
# This configuration (along with the right webserver settings) gets an A+ in Mozilla's Observatory: https://observatory.mozilla.org # This configuration (along with the right webserver settings) gets an A+ in Mozilla's Observatory: https://observatory.mozilla.org
# Note: to use a Zola built-in syntax highlighting theme, allow unsafe-inline for style-src. # Note: to use a Zola built-in syntax highlighting theme, allow unsafe-inline for style-src.
# Note: cdn.jsdelivr.net/ is used in this deployment to show a video as well as load iine
allowed_domains = [ allowed_domains = [
{ directive = "font-src", domains = ["'self'", "data:"] }, { directive = "font-src", domains = ["'self'", "data:"] },
{ directive = "img-src", domains = ["'self'", "https://*", "data:"] }, { directive = "img-src", domains = ["'self'", "https://*", "data:"] },
{ directive = "media-src", domains = ["'self'"] }, { directive = "media-src", domains = ["'self'", "https://cdn.jsdelivr.net/"] },
{ directive = "script-src", domains = ["'self'", "https://cdn.jsdelivr.net/"] }, { directive = "script-src", domains = ["'self'", "https://cdn.jsdelivr.net/"] },
{ directive = "style-src", domains = ["'self'"] }, { directive = "style-src", domains = ["'self'"] },
{ directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] }, { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] },