deepStateMirrors/tabi
1
0
Fork 1
mirror of https://github.com/welpo/tabi.git synced 2025-10-11 07:46:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat(csp): add webmention support to content security policy

Browse source 
- include webmention.io in connect-src when webmention system is enabled
- ensure compatibility with webmention services by updating CSP directives
This commit is contained in:
Jeremiah Russell 2025-02-12 13:01:04 +00:00
parent 4f6b64129a
commit a663de6dac
No known key found for this signature in database
GPG key ID: E576B835ACE207E5
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
templates/partials/content_security_policy.html
View file

@ -54,6 +54,12 @@ content="default-src 'self'
{%- set script_src = script_src ~ " " ~ " cdn.jsdelivr.net" -%}
{%- endif -%}
{#- Check if a webmention system is enabled to allow the necessary domains and directives -#}
{%- set webmention_enabled = config.extra.webmentions.enabled -%}
{%- if webmention_enabled -%}
{%- set connect_src = connect_src ~ " webmention.io" -%}
{%- endif -%}
{#- Append WebSocket for Zola serve mode -#}
{%- if config.mode == "serve" -%}
{%- set connect_src = connect_src ~ " ws:" -%}