blob: e8fa0623c23dc894b2b6ebd86529f6a3e09c86ae (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
<meta http-equiv="Content-Security-Policy"
content="default-src 'self'
{%- if config.extra.allowed_domains -%}
;
{#- Check if a comment system is enabled to allow the necessary domains and directives -#}
{%- set utterances_enabled = config.extra.utterances.enabled_for_all_posts or page.extra.utterances -%}
{%- set giscus_enabled = config.extra.giscus.enabled_for_all_posts or page.extra.giscus -%}
{%- set hyvortalk_enabled = config.extra.hyvortalk.enabled_for_all_posts or page.extra.hyvortalk -%}
{%- set isso_enabled = config.extra.isso.enabled_for_all_posts or page.extra.isso -%}
{%- if page -%}
{%- set iine_enabled = macros_settings::evaluate_setting_priority(setting="iine", page=page, default_global_value=false) == "true" -%}
{%- endif -%}
{%- if page -%}
{%- set mermaid_enabled = macros_settings::evaluate_setting_priority(setting="mermaid", page=page, default_global_value=false) == "true" -%}
{%- endif -%}
{%- set serve_local_mermaid = config.extra.serve_local_mermaid | default(value=true) -%}
{#- Initialise a base script-src directive -#}
{%- set script_src = "script-src 'self'" -%}
{#- Initialise a base connect-src directive -#}
{%- set connect_src = "connect-src 'self'" -%}
{# Base logic for appending analytics domains #}
{%- set analytics_url = config.extra.analytics.self_hosted_url | default(value="") %}
{%- if analytics_url -%}
{%- set script_src = script_src ~ " " ~ analytics_url -%}
{%- set connect_src = connect_src ~ " " ~ analytics_url -%}
{%- else -%}
{%- if config.extra.analytics.service -%}
{%- if config.extra.analytics.service == "goatcounter" -%}
{%- set script_src = script_src ~ " gc.zgo.at" -%}
{%- set connect_src = connect_src ~ " " ~ config.extra.analytics.id ~ ".goatcounter.com/count" -%}
{%- elif config.extra.analytics.service == "umami" -%}
{%- set script_src = script_src ~ " cloud.umami.is" -%}
{%- set connect_src = connect_src ~ " *.umami.dev" ~ " cloud.umami.is" -%}
{%- elif config.extra.analytics.service == "plausible" -%}
{%- set script_src = script_src ~ " plausible.io" -%}
{%- set connect_src = connect_src ~ " plausible.io" -%}
{%- endif -%}
{%- endif -%}
{%- endif -%}
{%- if hyvortalk_enabled -%}
{%- set connect_src = connect_src ~ " talk.hyvor.com" -%}
{%- set script_src = script_src ~ " talk.hyvor.com" -%}
{%- elif isso_enabled -%}
{%- set connect_src = connect_src ~ " " ~ config.extra.isso.endpoint_url -%}
{%- set script_src = script_src ~ " " ~ config.extra.isso.endpoint_url -%}
{%- elif giscus_enabled -%}
{%- set script_src = script_src ~ " " ~ " giscus.app" -%}
{%- elif utterances_enabled -%}
{%- set script_src = script_src ~ " " ~ " utteranc.es" -%}
{%- endif -%}
{%- if (mermaid_enabled and not serve_local_mermaid) or iine_enabled -%}
{%- set script_src = script_src ~ " " ~ " cdn.jsdelivr.net" -%}
{%- endif -%}
{#- Check if a webmention system is enabled to allow the necessary domains and directives -#}
{%- if config.extra.webmentions.enable -%}
{%- set connect_src = connect_src ~ " webmention.io" -%}
{%- endif -%}
{#- Check if iine like buttons are enabled to allow the necessary domains -#}
{%- if iine_enabled -%}
{%- set connect_src = connect_src ~ " vhiweeypifbwacashxjz.supabase.co" -%}
{%- endif -%}
{#- Append WebSocket for Zola serve mode -#}
{%- if config.mode == "serve" -%}
{%- set connect_src = connect_src ~ " ws:" -%}
{%- endif -%}
{%- for domain in config.extra.allowed_domains -%}
{%- if domain.directive == "connect-src" -%}
{%- set configured_connect_src = domain.domains | join(sep=' ') | safe -%}
{%- set_global connect_src = connect_src ~ " " ~ configured_connect_src -%}
{%- continue -%}
{%- endif -%}
{%- if domain.directive == "script-src" -%}
{%- set configured_script_src = domain.domains | join(sep=' ') | safe -%}
{%- set_global script_src = script_src ~ " " ~ configured_script_src -%}
{%- continue -%}
{%- endif -%}
{#- Handle directives that are not connect-src -#}
{{ domain.directive }} {{ domain.domains | join(sep=' ') | safe -}}
{%- if domain.directive == "style-src" -%}
{%- if utterances_enabled or hyvortalk_enabled or mermaid_enabled %} 'unsafe-inline'
{%- endif -%}
{%- endif -%}
{%- if domain.directive == "font-src" -%}
{%- if mermaid_enabled %} 'self'
{%- endif -%}
{%- endif -%}
{%- if domain.directive == "frame-src" -%}
{%- if giscus_enabled %} giscus.app
{%- elif utterances_enabled %} utteranc.es
{%- elif hyvortalk_enabled %} talk.hyvor.com
{%- endif %}
{%- endif -%}
{%- if not loop.last -%}
;
{%- endif -%}
{%- endfor -%}
{#- Insert the generated connect-src -#}
{{ ";" ~ connect_src }}
{#- Insert the generated script-src -#}
{{ ";" ~ script_src }}
{%- endif -%}">
|
