Add a CSP (PR #24)

* Add Content Security Policy
* Add Referrer Policy
* Update CSP
master
Nicholas Lim 2 years ago committed by GitHub
parent e37a93221d
commit 0f96422fb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      _layouts/default.html

@ -1,5 +1,8 @@
<!DOCTYPE html>
<html lang="{{ page.lang | default: site.lang | default: "en" }}">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; style-src 'self' https://fonts.googleapis.com; img-src 'self'; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; media-src 'self'; object-src 'self'; child-src 'self'; form-action 'none'; base-uri 'self'" />
<meta http-equiv="X-XSS-Protection" content="1;mode=block" always>
<meta http-equiv="Referrer-Policy" content="no-referrer, strict-origin-when-cross-origin">
{%- include head.html -%}

Loading…
Cancel
Save