yoshiharuyamashita / blackburn

A Hugo theme built using Yahoo's Pure CSS
MIT License
317 stars 170 forks source link

Add support for Content Security Policy via an optional parameter #99

Open james-otten opened 5 years ago

james-otten commented 5 years ago

Content Security Policy (CSP) is often used as a part of a defense in depth based approach to prevent common web vulnerabilities.

With this change, a user can setup their own CSP through an optional site parameter "csp". If the parameter is set, a meta element is added to the page which contains the user's policy.

More info on CSP is available on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP