deepStateMirrors/tabi
1
0
Fork 1
mirror of https://github.com/welpo/tabi.git synced 2025-11-23 02:00:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
tabi/es/blog/security/index.html
GitHub Actions f1040b2aa6 Deploy welpo/tabi to welpo/tabi:gh-pages
2025-11-22 16:30:18 +00:00

11 lines
No EOL
22 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=es><head><meta charset=UTF-8><meta content="default-src 'self';font-src 'self' data:;img-src 'self' https://* data:;media-src 'self' https://cdn.jsdelivr.net/;style-src 'self';frame-src player.vimeo.com https://www.youtube-nocookie.com;connect-src 'self' https://tabi-stats.osc.garden vhiweeypifbwacashxjz.supabase.co;script-src 'self' https://tabi-stats.osc.garden cdn.jsdelivr.net 'self'" http-equiv=Content-Security-Policy><meta content="width=device-width,initial-scale=1.0" name=viewport><meta content=https://welpo.github.io/tabi name=base><title>
~/tabi • Seguro por defecto</title><link href=https://welpo.github.io/tabi/img/seedling.png rel=icon type=image/png><link href='data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><text y="50%" x="50%" dominant-baseline="central" text-anchor="middle" font-size="88">🌱</text></svg>' rel=icon><link title="~/tabi - Atom Feed" href=https://welpo.github.io/tabi/atom.xml rel=alternate type=application/atom+xml><link href="https://welpo.github.io/tabi/custom_subset.css?h=0b9535a28bc3d5bf2321" rel=stylesheet><link href="https://welpo.github.io/tabi/main.css?h=3716ab3457d2dd050b3c" rel=stylesheet><meta content="light dark" name=color-scheme><meta content=#087e96 name=theme-color><meta content="tabi tiene una Política de Seguridad de Contenido (CSP) fácilmente personalizable con configuraciones seguras. Obtén tranquilidad y una calificación de A+ en Mozilla Observatory." name=description><meta content="tabi tiene una Política de Seguridad de Contenido (CSP) fácilmente personalizable con configuraciones seguras. Obtén tranquilidad y una calificación de A+ en Mozilla Observatory." property=og:description><meta content="Seguro por defecto" property=og:title><meta content=article property=og:type><meta content="https://welpo.github.io/tabi/blog/security/social_cards/es_blog_security.jpg?h=71783221edf3cdf5096f" property=og:image><meta content=1400 property=og:image:width><meta content=800 property=og:image:height><meta content="https://welpo.github.io/tabi/blog/security/social_cards/es_blog_security.jpg?h=71783221edf3cdf5096f" name=twitter:image><meta content=summary_large_image name=twitter:card><meta content=en_GB property=og:locale:alternate><link href=https://welpo.github.io/tabi/blog/security/ hreflang=en rel=alternate><meta content=ca_ES property=og:locale:alternate><link href=https://welpo.github.io/tabi/ca/blog/security/ hreflang=ca rel=alternate><meta content=es_ES property=og:locale:alternate><link href=https://welpo.github.io/tabi/es/blog/security/ hreflang=es rel=alternate><meta content=https://welpo.github.io/tabi/es/blog/security/ property=og:url><meta content=~/tabi property=og:site_name><noscript><link href=https://welpo.github.io/tabi/no_js.css rel=stylesheet></noscript><script src=https://welpo.github.io/tabi/js/initializeTheme.min.js></script><script defer src=https://welpo.github.io/tabi/js/themeSwitcher.min.js></script><script async data-goatcounter=https://tabi-stats.osc.garden/count src=https://tabi-stats.osc.garden/count.js></script><script src="https://welpo.github.io/tabi/js/searchElasticlunr.min.js?h=3626c0ef99daa745b31e" defer></script><script defer src=https://welpo.github.io/tabi/js/lunr/lunrStemmerSupport.min.js></script><script defer src=https://welpo.github.io/tabi/js/lunr/lunr.es.min.js></script><body><a href=#main-content id=skip-link>Saltar al contenido</a><header><nav class=navbar><div class=nav-title><a class=home-title href=https://welpo.github.io/tabi/es/>~/tabi</a></div><div class=nav-navs><ul><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/es/blog/>blog </a><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/es/archive/>archivo </a><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/es/tags/>etiquetas </a><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/es/projects/>proyectos </a><li class=menu-icons-container><ul class=menu-icons-group><li class="js menu-icon"><div aria-label="Haz clic o usa $SHORTCUT para abrir la búsqueda" class="search-icon interactive-icon" title="Haz clic o usa $SHORTCUT para abrir la búsqueda" id=search-button role=button tabindex=0><svg viewbox="0 -960 960 960" xmlns=http://www.w3.org/2000/svg><path d="M784-120 532-372q-30 24-69 38t-83 14q-109 0-184.5-75.5T120-580q0-109 75.5-184.5T380-840q109 0 184.5 75.5T640-580q0 44-14 83t-38 69l252 252-56 56ZM380-400q75 0 127.5-52.5T560-580q0-75-52.5-127.5T380-760q-75 0-127.5 52.5T200-580q0 75 52.5 127.5T380-400Z"/></svg></div><li class=language-switcher><details class=dropdown><summary aria-label="Selección de idioma" title="Selección de idioma" aria-haspopup=true role=button><div class=language-switcher-icon></div></summary> <div class=dropdown-content role=menu>Español<a aria-label=Català href=https://welpo.github.io/tabi/ca/blog/security/ lang=ca role=menuitem>Català</a><a aria-label=English href=https://welpo.github.io/tabi/blog/security/ lang=en role=menuitem>English</a><a aria-label=العربية href=https://welpo.github.io/tabi/ar/blog/security/ lang=ar role=menuitem>العربية</a></div></details><li class="theme-switcher-wrapper js"><div aria-label="Cambiar a modo oscuro" title="Cambiar a modo oscuro/claro" aria-pressed=false class=theme-switcher role=button tabindex=0></div><div aria-label="Restablecer modo a configuración predeterminada" class="theme-resetter arrow" title="Restablecer modo a configuración predeterminada" aria-hidden=true role=button tabindex=0></div></ul></ul></div></nav></header><div class=content id=main-content><main><article class=h-entry><h1 class="p-name article-title">Seguro por defecto</h1><a class="u-url u-uid" href=https://welpo.github.io/tabi/es/blog/security/></a><ul class=meta><li><time class=dt-published datetime=2023-02-22>22 feb 2023</time><li title="262 palabras"><span aria-hidden=true class=separator></span>2 mins de lectura<li class=tag><span aria-hidden=true class=separator></span>Etiquetas: <li class=tag><a class=p-category href=https://welpo.github.io/tabi/es/tags/seguridad/>seguridad</a>, <li class=tag><a class=p-category href=https://welpo.github.io/tabi/es/tags/funcionalidad/>funcionalidad</a></ul><ul class="meta last-updated"><li><time class=dt-updated datetime=2025-02-21>Actualizado el 21 feb 2025</time><li><span aria-hidden=true class=separator></span><a class=external href=https://github.com/welpo/tabi/commits/main/content/blog/security/index.es.md>Ver cambios</a></ul><p class=p-summary hidden>tabi tiene una Política de Seguridad de Contenido (CSP) fácilmente personalizable con configuraciones seguras. Obtén tranquilidad y una calificación de A+ en Mozilla Observatory.<section class="e-content body"><p>La configuración predeterminada del tema obtiene una calificación de A+ en <a class=external href=https://observatory.mozilla.org>Mozilla Observatory</a>.<sup class=footnote-reference id=fr-1-1><a href=#fn-1>1</a></sup><p>Esto se logra configurando programáticamente las cabeceras de la Política de Seguridad de Contenido (CSP) en función de una lista de dominios permitidos definida por el usuario en el archivo <code>config.toml</code>. Aquí tienes la configuración predeterminada y recomendada (puedes eliminar la última directiva si no deseas insertar videos de YouTube):<pre class="language-toml z-code" data-lang=toml><code class=language-toml data-lang=toml><span class="z-source z-toml"><span class="z-punctuation z-definition z-table z-begin z-toml">[</span><span class="z-meta z-tag z-table z-toml"><span class="z-entity z-name z-table z-toml">extra</span></span><span class="z-punctuation z-definition z-table z-end z-toml">]</span>
</span><span class="z-source z-toml"><span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">allowed_domains</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-punctuation z-definition z-array z-begin z-toml">[</span>
</span><span class="z-source z-toml"> <span class="z-punctuation z-definition z-inline-table z-begin z-toml">{</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">directive</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>font-src<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-inline-table z-toml">,</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">domains</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-punctuation z-definition z-array z-begin z-toml">[</span><span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>'self'<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-array z-toml">,</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>data:<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-definition z-array z-end z-toml">]</span> <span class="z-punctuation z-definition z-inline-table z-end z-toml">}</span><span class="z-punctuation z-separator z-array z-toml">,</span>
</span><span class="z-source z-toml"> <span class="z-punctuation z-definition z-inline-table z-begin z-toml">{</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">directive</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>img-src<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-inline-table z-toml">,</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">domains</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-punctuation z-definition z-array z-begin z-toml">[</span><span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>'self'<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-array z-toml">,</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>https://*<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-array z-toml">,</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>data:<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-definition z-array z-end z-toml">]</span> <span class="z-punctuation z-definition z-inline-table z-end z-toml">}</span><span class="z-punctuation z-separator z-array z-toml">,</span>
</span><span class="z-source z-toml"> <span class="z-punctuation z-definition z-inline-table z-begin z-toml">{</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">directive</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>script-src<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-inline-table z-toml">,</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">domains</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-punctuation z-definition z-array z-begin z-toml">[</span><span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>'self'<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-definition z-array z-end z-toml">]</span> <span class="z-punctuation z-definition z-inline-table z-end z-toml">}</span><span class="z-punctuation z-separator z-array z-toml">,</span>
</span><span class="z-source z-toml"> <span class="z-punctuation z-definition z-inline-table z-begin z-toml">{</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">directive</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>style-src<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-inline-table z-toml">,</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">domains</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-punctuation z-definition z-array z-begin z-toml">[</span><span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>'self'<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-definition z-array z-end z-toml">]</span> <span class="z-punctuation z-definition z-inline-table z-end z-toml">}</span><span class="z-punctuation z-separator z-array z-toml">,</span>
</span><span class="z-source z-toml"> <span class="z-punctuation z-definition z-inline-table z-begin z-toml">{</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">directive</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>frame-src<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-separator z-inline-table z-toml">,</span> <span class="z-meta z-tag z-key z-toml"><span class="z-entity z-name z-tag z-toml">domains</span></span> <span class="z-punctuation z-definition z-key-value z-toml">=</span> <span class="z-punctuation z-definition z-array z-begin z-toml">[</span><span class="z-string z-quoted z-double z-basic z-toml"><span class="z-punctuation z-definition z-string z-begin z-toml">"</span>https://www.youtube-nocookie.com<span class="z-punctuation z-definition z-string z-end z-toml">"</span></span><span class="z-punctuation z-definition z-array z-end z-toml">]</span> <span class="z-punctuation z-definition z-inline-table z-end z-toml">}</span><span class="z-punctuation z-separator z-array z-toml">,</span>
</span><span class="z-source z-toml"><span class="z-punctuation z-definition z-array z-end z-toml">]</span>
</span></code></pre><p>La lista <code>allowed_domains</code> especifica las URL a las que el sitio web debería poder conectarse, y cada dominio de la lista se asocia con una directiva CSP como <code>frame-src</code>, <code>connect-src</code> o <code>script-src</code>. El archivo <code>templates/partials/header.html</code> genera dinámicamente la cabecera CSP en función de esta lista.<p>Esta función permite personalizar fácilmente las cabeceras de seguridad del sitio web para permitir casos de uso específicos, como la incrustación de videos de YouTube, la carga de scripts o fuentes remotas (<a class=external href=https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/>no recomendado</a>).<p>Puedes desactivar las cabeceras (permitiendo todo) en una página, sección, o globalmente configurando <code>enable_csp = false</code> en el front matter o en el archivo <code>config.toml</code>.<p><strong>Notas</strong>:<ul><li><p><a href=https://welpo.github.io/tabi/es/blog/comments/>Habilitar los comentarios</a>, <a href=https://welpo.github.io/tabi/es/blog/mastering-tabi-settings/#analisis-web>las analíticas</a>, o <a href=https://welpo.github.io/tabi/es/blog/shortcodes/#diagramas-de-mermaid>los diagramas mermaid</a> permite automáticamente los scripts/frames/estilos/conexiones pertinentes.</p><li><p>Para usar un <a class=external href=https://www.getzola.org/documentation/getting-started/configuration/#syntax-highlighting>tema de resaltado de sintaxis integrado en Zola</a>, has de permitir <code>unsafe-inline</code> en la directiva <code>style-src</code>:</p> <pre class=z-code><code><span class="z-text z-plain">{ directive = "style-src", domains = ["'self'", "'unsafe-inline'"] },
</span></code></pre></ul><hr><section class=footnotes><ol class=footnotes-list><li id=fn-1><p>Requiere una configuración adecuada del servidor web (por ejemplo, redirigir el tráfico HTTP a HTTPS). <a href=#fr-1-1></a></p></ol></section></section><form action="https://vhiweeypifbwacashxjz.supabase.co/rest/v1/rpc/increment_hits?apikey=sb_publishable_EoB7MFJhCmb6PiAk-GPJ4w_PGhQ44Ru" class=iine-form method=post><input name=page_slug type=hidden value=/blog/security/><button aria-label="Me gusta esta publicación" title="Me gusta esta publicación" class=iine-button data-icon=thumbs_up data-slug=/blog/security/>👍</button></form><nav class="full-width article-navigation"><div><a aria-describedby=left_title aria-label=Siguiente href=https://welpo.github.io/tabi/es/blog/custom-font-subset/><span class=arrow></span> Siguiente</a><p aria-hidden=true id=left_title>Optimiza la carga con un subconjunto de fuente personalizado</div><div><a aria-describedby=right_title aria-label=Anterior href=https://welpo.github.io/tabi/es/blog/shortcodes/>Anterior <span class=arrow></span></a><p aria-hidden=true id=right_title>Shortcodes personalizados</div></nav></article></main><span class=hidden id=copy-success> Copiado! </span><span class=hidden id=copy-init> Copiar código al portapapeles </span><script defer src=https://welpo.github.io/tabi/js/copyCodeToClipboard.min.js></script><script defer src=https://cdn.jsdelivr.net/gh/welpo/iine@main/iine.mini.js></script></div><footer><section><nav class="socials nav-navs"><ul><li><a class="nav-links no-hover-padding social" href=https://welpo.github.io/tabi/es/atom.xml> <img alt=feed loading=lazy src=https://welpo.github.io/tabi/social_icons/rss.svg title=feed> </a><li class=js><a class="nav-links no-hover-padding social" data-encoded-email=dGFiaUBvc2MuZ2FyZGVu href=#><img alt=email loading=lazy src=https://welpo.github.io/tabi/social_icons/email.svg title=email> </a><li><a class="nav-links no-hover-padding social" rel=" me" href=https://github.com/welpo/> <img alt=github loading=lazy src=https://welpo.github.io/tabi/social_icons/github.svg title=github> </a><li><a class="nav-links no-hover-padding social" rel=" me" href=https://soundcloud.com/oskerwyld> <img alt=soundcloud loading=lazy src=https://welpo.github.io/tabi/social_icons/soundcloud.svg title=soundcloud> </a><li><a class="nav-links no-hover-padding social" rel=" me" href=https://instagram.com/oskerwyld> <img alt=instagram loading=lazy src=https://welpo.github.io/tabi/social_icons/instagram.svg title=instagram> </a><li><a class="nav-links no-hover-padding social" rel=" me" href=https://youtube.com/@oskerwyld> <img alt=youtube loading=lazy src=https://welpo.github.io/tabi/social_icons/youtube.svg title=youtube> </a><li><a class="nav-links no-hover-padding social" rel=" me" href=https://open.spotify.com/artist/5Hv2bYBhMp1lUHFri06xkE> <img alt=spotify loading=lazy src=https://welpo.github.io/tabi/social_icons/spotify.svg title=spotify> </a></ul></nav><nav class=nav-navs><small> <ul><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/es/about/> sobre mí </a><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/es/privacy/> política de privacidad </a><li><a class="nav-links no-hover-padding" href=https://tabi-stats.osc.garden/> estadísticas del sitio </a><li><a class="nav-links no-hover-padding" href=https://welpo.github.io/tabi/sitemap.xml> mapa del sitio </a></ul> </small></nav><div class=credits><small> Impulsado por <a href=https://www.getzola.org>Zola</a> y <a href=https://github.com/welpo/tabi>tabi</a><a href=https://github.com/welpo/tabi> Código del sitio </a></small></div></section><script async src=https://welpo.github.io/tabi/js/decodeMail.min.js></script><div class="search-modal js" aria-labelledby=modalTitle id=searchModal role=dialog><h1 class=visually-hidden id=modalTitle>Buscar</h1><div id=modal-content><div id=searchBar><div aria-hidden=true class=search-icon><svg viewbox="0 -960 960 960" xmlns=http://www.w3.org/2000/svg><path d="M784-120 532-372q-30 24-69 38t-83 14q-109 0-184.5-75.5T120-580q0-109 75.5-184.5T380-840q109 0 184.5 75.5T640-580q0 44-14 83t-38 69l252 252-56 56ZM380-400q75 0 127.5-52.5T560-580q0-75-52.5-127.5T380-760q-75 0-127.5 52.5T200-580q0 75 52.5 127.5T380-400Z"/></svg></div><input aria-controls=results-container aria-expanded=false autocomplete=off id=searchInput placeholder=Buscar… role=combobox spellcheck=false><div class="close-icon interactive-icon" title="Borrar búsqueda" id=clear-search role=button tabindex=0><svg viewbox="0 -960 960 960" xmlns=http://www.w3.org/2000/svg><path d="m256-200-56-56 224-224-224-224 56-56 224 224 224-224 56 56-224 224 224 224-56 56-224-224-224 224Z"/></svg></div></div><div id=results-container><div id=results-info><span id=zero_results> No hay resultados</span><span id=one_results> $NUMBER resultado</span><span id=many_results> $NUMBER resultados</span><span id=two_results> $NUMBER resultados</span><span id=few_results> $NUMBER resultados</span></div><div id=results role=listbox></div></div></div></div></footer>
Reference in a new issue View git blame Copy permalink