deepStateMirrors/tabi
1
0
Fork 1
mirror of https://github.com/welpo/tabi.git synced 2025-12-17 04:48:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

📝 docs: add Hyvor Talk comments mention

Browse source
This commit is contained in:
welpo 2023-07-17 22:11:42 +02:00
parent 4b43229d0a
commit f859113c81
No known key found for this signature in database
GPG key ID: A2F978CF4EC1F5A6
3 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
content/blog/security.md
View file

@ -1,7 +1,7 @@
+++
title = "Secure by default"
date = 2023-02-22
updated = 2023-07-14
updated = 2023-07-17
description = "tabi has an easily customizable Content Security Policy (CSP) with safe defaults. Get peace of mind and an A+ on Mozilla Observatory."
[taxonomies]
@ -27,6 +27,6 @@ The `allowed_domains` list specifies the URLs that the website should be able to
This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading scripts or remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)).
**Note**: [enabling comments](@/blog/comments.md) automatically allows scripts and frames from either utterances/giscus, as well as unsafe-inline styles when using utterances (required so that the frame can adjust its size based on the number of comments).
**Note**: [enabling comments](@/blog/comments.md) automatically allows scripts and frames from the comment system, as well as unsafe-inline styles when using utterances or Hyvor Talk.
[^1]: Requires proper webserver configuration (e.g. redirecting HTTP traffic to HTTPS).