serg / yourfolio

:star: Super simple and responsive theme for your personal website on Hugo
https://themeslake.com/theme/yourfolio/
MIT License
41 stars 23 forks

Content Security Policy and Subresource Integrity (SRI) #12

Open MUWalter opened 3 years ago

MUWalter commented 3 years ago

Dear @serg,

This is not a bug, but in terms of security I was checking my page at https://webbkoll.dataskydd.net

Two things I can't get rid of:

  1. Content Security Policy

Although I added `<meta http-equiv="Content-Security-Policy" content="default-src 'none' *; script-src 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; base-uri 'none' 'self' *; form-action 'none' *; form-action 'self' *; object-src 'none' *; frame-ancestors 'none'">` in baseof.html, I get the following issues:

[image: CSR]

  2. SRI

Maybe this could be implemented too in a future update.

[image: sri]

Keep up the good work!

serg commented 3 years ago

Can't help with point 1. But here is a script tag with SRI for picturefill:

```html
<script async src="https://cdn.jsdelivr.net/npm/picturefill@3.0.3/dist/picturefill.min.js" integrity="sha256-iT+n/otuaeKCgxnASny7bxKeqCDbaV1M7VdX1ZRQtqg=" crossorigin="anonymous"></script>
```

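The following Python script is an added example and is not part of the issue thread or the yourfolio theme. It covers both points raised above: it computes an SRI `integrity` value for a script's bytes the way the picturefill tag above was produced (base64 of the file's SHA-256 digest), verifies a file against a declared integrity attribute, and lints a CSP string for the two problems present in the policy from the first comment: `'none'` combined with other sources (browsers then ignore `'none'`) and a directive that appears twice (only the first occurrence counts). The `SAMPLE_SCRIPT` bytes are constructed for the example, so the hash they produce is not the picturefill hash shown in the thread.

```python
import base64
import hashlib

# Constructed stand-in for a script file; not the real picturefill bundle,
# so its hash differs from the one quoted in the issue.
SAMPLE_SCRIPT = b"(function(){window.picturefill=function(){};})();\n"

SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(data: bytes, algo: str = "sha256") -> str:
    """Return an SRI integrity token, e.g. "sha256-<base64 digest>".

    Browsers only honour sha256, sha384 and sha512; any other algorithm
    is silently ignored by the integrity check, so reject it here.
    """
    if algo not in SRI_ALGOS:
        raise ValueError("SRI requires sha256, sha384 or sha512")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, data: bytes, algo: str = "sha256") -> str:
    """Build a <script> element like the picturefill one above.

    crossorigin="anonymous" is required: without it a cross-origin script
    is opaque to the page and the integrity check fails.
    """
    return (f'<script async src="{src}" integrity="{sri_hash(data, algo)}" '
            f'crossorigin="anonymous"></script>')


def verify_sri(data: bytes, integrity: str) -> bool:
    """Check data against an integrity attribute.

    The attribute may list several tokens; matching any one of them is a
    pass, which mirrors browser behaviour.
    """
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        if algo in SRI_ALGOS and sri_hash(data, algo) == token:
            return True
    return False


def lint_csp(policy: str) -> list[str]:
    """Return findings for a Content-Security-Policy string.

    Flags: 'none' mixed with other sources, a repeated directive, a
    wildcard host source, and 'unsafe-inline' on script-src/default-src.
    """
    findings = []
    seen = set()
    for raw in policy.split(";"):
        parts = raw.split()
        if not parts:
            continue
        name, sources = parts[0], parts[1:]
        if name in seen:
            findings.append(f"{name}: repeated directive; browsers only honour the first")
            continue
        seen.add(name)
        if "'none'" in sources and len(sources) > 1:
            findings.append(f"{name}: 'none' must be the only source, found {' '.join(sources)}")
        if "*" in sources:
            findings.append(f"{name}: wildcard * allows any host")
        if "'unsafe-inline'" in sources and name in ("script-src", "default-src"):
            findings.append(f"{name}: 'unsafe-inline' disables protection against injected scripts")
    return findings


if __name__ == "__main__":
    # Hypothetical URL for the sample bytes; not a real published file.
    print(script_tag("https://example.invalid/picturefill.min.js", SAMPLE_SCRIPT))
    issue_policy = ("default-src 'none' *; script-src 'unsafe-inline' 'self' *; "
                    "style-src 'unsafe-inline' 'self' *; base-uri 'none' 'self' *; "
                    "form-action 'none' *; form-action 'self' *; object-src 'none' *; "
                    "frame-ancestors 'none'")
    for finding in lint_csp(issue_policy):
        print(finding)
```

To produce a tag for a real CDN file, download the exact versioned file once, pass its bytes to `script_tag`, and pin that version in `src`; an unpinned `latest` URL will break as soon as the CDN ships a new build, because the hash no longer matches.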
MUWalter commented 3 years ago

Perfect, thanks!

[image: result]