11ty / eleventy-base-blog

A starter repository for a blog web site using the Eleventy static site generator.
https://eleventy-base-blog.netlify.app/
MIT License

Unclear how to configure to be compatible with CSP directive `style-src 'self'` #150

Closed DougReeder closed 1 year ago

DougReeder commented 1 year ago

The automatic inlining of CSS is cool, but it conflicts with the Content-Security-Policy `style-src 'self'` which enforces a common and widely-recommended level of security.

Replacing

```
<style>{% getBundle "css" %}</style>
```

with

```
<link rel="stylesheet" href="{% getBundleFileUrl "css" %}">
```

in `base.njk` will move the static CSS to a separate file. This should be documented in the README.

However,

```
<ol reversed class="postlist" style="counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }}">
```

is more challenging, as it can't be moved to a static CSS file. Replacing it with

```
{%- css %}.postlist { counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }} }{% endcss %}
<ol reversed class="postlist">
```

appears to be sufficient.
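
A check for the problem described in this issue, as an added example that is not part of the original issue or the eleventy-base-blog project: it scans generated HTML for the `<style>` elements and `style` attributes that `style-src 'self'` blocks. The sample markup and the `/bundle/EXAMPLE.css` path are constructed, and `findInlineStyleViolations` is a hypothetical helper name.

```javascript
// Added example: flags markup that a `style-src 'self'` policy blocks.
// Regex-based scan of generated HTML; approximate, not a full HTML parser.
const TAG_RE = /<([a-zA-Z][^\s/>]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
const STYLE_ATTR_RE = /(?:^|\s)style\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function findInlineStyleViolations(html) {
  const violations = [];
  // Blank out comments (keeping newlines) so commented-out markup is ignored.
  const scrubbed = html.replace(/<!--[\s\S]*?-->/g, (m) => m.replace(/[^\n]/g, " "));
  for (const match of scrubbed.matchAll(TAG_RE)) {
    const tag = match[1].toLowerCase();
    const line = scrubbed.slice(0, match.index).split("\n").length;
    // Case 1: an inline <style> element (what `getBundle "css"` is wrapped in).
    if (tag === "style") {
      violations.push({ line, kind: "style-element", detail: "<style> block" });
    }
    // Case 2: a style="" attribute, such as the counter-reset on the post list.
    const attr = STYLE_ATTR_RE.exec(match[2]);
    if (attr) {
      const value = attr[1] ?? attr[2] ?? attr[3];
      violations.push({ line, kind: "style-attribute", detail: `<${tag} style="${value}">` });
    }
  }
  return violations;
}

// Constructed sample: rendered output of the original templates.
const BEFORE = `<head>
<style>.postlist { list-style: none }</style>
</head>
<ol reversed class="postlist" style="counter-reset: start-from 4">
<li>Post</li></ol>`;

// Constructed sample: output after both replacements described in the issue
// (the bundle path is a placeholder, not the project's real output path).
const AFTER = `<head>
<link rel="stylesheet" href="/bundle/EXAMPLE.css">
</head>
<ol reversed class="postlist">
<li>Post</li></ol>`;

console.log(findInlineStyleViolations(BEFORE)); // two findings
console.log(findInlineStyleViolations(AFTER)); // no findings
```

Running a scan like this over each file in the build output before deploying catches inline styles that would otherwise only surface as CSP violations in the browser console.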

zachleat commented 1 year ago

Thank you for the PR—looks great!