The sha256 is for the script-tag livereload inserts. I could just leave
that in for production, but sometimes it would be handy to know if we
are 'build', 'serve'd or perhaps even 'show'n.
Well, super-ideally livereload would apply that themself although that
could become complicated really fast on less static sites.
Oh, interesting problem, that. I haven't yet gained CSP as a habit, shame on me.
Given the amount of monkey patching I had to do on livereload recently (see lepture/python-livereload#214), I've been wondering about ditching it as a dependency and reimplementing that functionality in staticsite. That would integrate well with an extra empty block in the base template that 'ssite serve' could fill with CSP.
Meanwhile, exporting the current command to the templates is a much easier thing to do.
(from a conversation with @DonKult)
Oh, interesting problem, that. I haven't yet gained CSP as a habit, shame on me.
Given the amount of monkey patching I had to do on livereload recently (see lepture/python-livereload#214), I've been wondering about ditching it as a dependency and reimplementing that functionality in staticsite. That would integrate well with an extra empty block in the base template that 'ssite serve' could fill with CSP.
Meanwhile, exporting the current command to the templates is a much easier thing to do.