deepStateMirrors/tabi
1
0
Fork 1
mirror of https://github.com/welpo/tabi.git synced 2025-10-11 07:46:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat: add support for giscus and utterances

Browse source
This commit is contained in:
welpo 2023-07-14 21:22:23 +02:00
parent 3e215e18e2
commit 5993e950c7
No known key found for this signature in database
GPG key ID: A2F978CF4EC1F5A6
20 changed files with 426 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

4
content/blog/security.md
View file

@ -1,7 +1,7 @@
+++
title = "Secure by default"
date = 2023-02-22
updated = 2023-07-12
updated = 2023-07-14
description = "tabi has an easily customizable Content Security Policy (CSP) with safe defaults. Get peace of mind and an A+ on Mozilla Observatory."
[taxonomies]
@ -27,6 +27,6 @@ The `allowed_domains` list specifies the URLs that the website should be able to
This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading scripts or remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)).
**Note**: enabling comments automatically allows scripts and frames from either utterances/giscus, as well as unsafe-inline styles when using utterances (required so that the widget can adjust its size based on the number of comments).
**Note**: [enabling comments](@/blog/comments.md) automatically allows scripts and frames from either utterances/giscus, as well as unsafe-inline styles when using utterances (required so that the frame can adjust its size based on the number of comments).
[^1]: Requires proper webserver configuration (e.g. redirecting HTTP traffic to HTTPS).