
refactor(feature/csp): add worker-src for csp

also update the CSP directives to facilitate the miner in the docs
Josh Habdas 9 months ago
parent
commit
cfd4e5f680
Signed by: Josh Habdas <jhabdas@protonmail.com> GPG Key ID: B148B31154C75A74

+ 11
- 0
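--- a/docs/config.toml
+++ b/docs/config.toml
@@ -40,16 +40,27 @@ footnoteReturnLinkContents = "↩" # Provides a nicer footnote return link
   hidden = false # Optional, set false or remove to show section menu
 
 [params.security.csp.directives]
+  workerSrc = [
+    "'self'",
+    "blob:"
+  ]
+  connectSrc = [
+    "'self'",
+    "wss:",
+    "data:"
+  ]
   mediaSrc = [
     "https://jhabdas.keybase.pub"
   ]
   scriptSrc = [
     "'self'",
     "'unsafe-inline'",
+    "'unsafe-eval'",
     "https:",
     "'sha512-Jx/MqTxYWqHdoOkHItRJJZCvFDhERPr5gG4I5ESu3V&#43;BgQyAQ6wXfdsGzhzmT0yyvkAWz2jbrn81q90RRJTSTg=='",
     "'sha512-hno7WeTIciCJSjg/myjyK30HYkrcGCVwo4g4SpUalvrs3r2lS7bPNIQwbCNypKbg7BZ1sA4AsGnk6Gq4NOKpGA=='",
     "'sha512-ISTAV0GadOIz/NXXHOS&#43;eCM0ysXVVHhQTlvA6LJxz/DeA5yIxm0Vqf5IE&#43;WH0yuuXkayAKtoZkQ326nch5f/fg=='",
+    "'sha512-VcgUV40yC63NPTwc43S34Yr3YnyVURl4rAQvU7+FMe1xF9StT5IVQWQPkE4KAH7NlQfb4Dy/ivf0Y5g7trYVdA=='",
     "'strict-dynamic'"
   ]
 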
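Review bot: The `'unsafe-eval'` entry added to `scriptSrc` permits `eval`/`new Function` for every script the policy allows, and because `'strict-dynamic'` is also listed, any script transitively loaded by one of the hashed scripts inherits that permission as well; if the miner script genuinely requires eval, say so in a comment next to the entry, otherwise drop the line. The new `connectSrc` value `"wss:"` is a bare scheme and therefore allows WebSocket connections to any host — naming the pool endpoint in place of the scheme keeps the directive scoped to what the miner needs. Note also that in browsers honoring CSP3, `'strict-dynamic'` causes `'self'`, `'unsafe-inline'` and `https:` in this list to be ignored, so those entries only serve older browsers; a one-line comment such as `# 'self', 'unsafe-inline' and https: are ignored by 'strict-dynamic'-aware browsers; kept for legacy fallback` would help the next maintainer.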

+ 1
- 0
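--- a/docs/content/feature/content-security-policy.md
+++ b/docs/content/feature/content-security-policy.md
@@ -54,6 +54,7 @@ Directive | Mapping | Advanced Default
 --- | --- | ---
 default-src | defaultSrc | 'none'
 connect-src | connectSrc | 'self'
+worker-src | workerSrc | 'self'
 font-src | fontSrc | 'self'
 media-src | mediaSrc | 'self'
 img-src | imgSrc | 'self' data: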

+ 4
- 1
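--- a/layouts/partials/meta/content-security-policy.html
+++ b/layouts/partials/meta/content-security-policy.html
@@ -10,6 +10,9 @@
       {{ else }} 'none'{{ end }};connect-src{{ if $site_directives.connectsrc }}
         {{- range $site_directives.connectsrc }} {{ . | safeHTML }}{{ end -}}
         {{- range .Params.security.csp.directives.connectsrc }} {{ . | safeHTML }}{{ end -}}
+      {{ else }} 'self'{{ end }};worker-src{{ if $site_directives.workersrc }}
+        {{- range $site_directives.workersrc }} {{ . | safeHTML }}{{ end -}}
+        {{- range .Params.security.csp.directives.workersrc }} {{ . | safeHTML }}{{ end -}}
       {{ else }} 'self'{{ end }};font-src{{ if $site_directives.fontsrc }}
         {{- range $site_directives.fontsrc }} {{ . | safeHTML }}{{ end -}}
         {{- range .Params.security.csp.directives.fontsrc }} {{ . | safeHTML }}{{ end -}}
@@ -34,5 +37,5 @@
       {{ else }} 'none'{{ end }};">
   {{ end }}
 {{ else if not $is_disabled }}
-  <meta http-equiv="Content-Security-Policy" content="default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'">
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; connect-src 'self' wss: data:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'">
 {{ end }}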
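Review bot: In the second hunk the fallback policy's new `connect-src 'self' wss: data:` stops inheriting from `default-src`, so sites that rely on the theme default lose the `https:` source they previously had for fetch/XHR while gaining a bare `wss:` that allows WebSocket connections to any origin; `worker-src 'self' blob:` likewise drops `https:` for workers. This fallback applies to every site that does not set `params.security.csp.directives`, so the miner-specific sources belong in the docs site config (which this commit already adds) rather than in the theme-wide default. If the fallback must change, `connect-src 'self' https:` preserves the previous reach, and the docs table's "Advanced Default" column should then reflect the new fallback values. The enclosing `{{ if }}` block begins outside this hunk.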
