From 958a8a6035e6b6d701b06ce66e5b6b46e8d5561e Mon Sep 17 00:00:00 2001
From: Tobias Hagemann
Date: Thu, 18 Jul 2024 18:03:59 +0200
Subject: [PATCH] reverted hugo config to single file, server headers are always used locally
---
config/development/server.toml | 7 -------
config/production/server.toml | 7 -------
config/_default/hugo.toml => hugo.toml | 8 ++++++++
3 files changed, 8 insertions(+), 14 deletions(-)
delete mode 100644 config/development/server.toml
delete mode 100644 config/production/server.toml
rename config/_default/hugo.toml => hugo.toml (80%)
diff --git a/config/development/server.toml b/config/development/server.toml
deleted file mode 100644
index e89d1747da..0000000000
--- a/config/development/server.toml
+++ /dev/null
@@ -1,7 +0,0 @@
-[server]
- [[server.headers]]
- for = '/**'
- [server.headers.values]
- Content-Security-Policy = "default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://i.ytimg.com/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/ http://localhost:8787/ https://api.github.com/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'"
- Strict-Transport-Security = "max-age=31536000; includeSubDomains"
- X-Content-Type-Options = "nosniff"
diff --git a/config/production/server.toml b/config/production/server.toml
deleted file mode 100644
index 4e76003619..0000000000
--- a/config/production/server.toml
+++ /dev/null
@@ -1,7 +0,0 @@
-[server]
- [[server.headers]]
- for = '/**'
- [server.headers.values]
- Content-Security-Policy = "default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://i.ytimg.com/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/ https://api.github.com/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'; upgrade-insecure-requests"
- Strict-Transport-Security = "max-age=31536000; includeSubDomains"
- X-Content-Type-Options = "nosniff"
diff --git a/config/_default/hugo.toml b/hugo.toml
similarity index 80%
rename from config/_default/hugo.toml
rename to hugo.toml
index fcfb660c0e..8679b33876 100644
--- a/config/_default/hugo.toml
+++ b/hugo.toml
@@ -111,3 +111,11 @@ block = true [permalinks] blog = "/blog/:year/:month/:day/:slug/" + +[server] + [[server.headers]] + for = '/**' + [server.headers.values] + Content-Security-Policy = "default-src 'none'; script-src 'self' 'unsafe-eval' https://community.cryptomator.org/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.paddle.com/; img-src 'self' data: https://static.cryptomator.org/ https://i.ytimg.com/ https://*.paddle.com/ https://paddle.s3.amazonaws.com/; connect-src 'self' https://api.cryptomator.org/ https://store.cryptomator.org/ http://localhost:8787/ https://api.github.com/; font-src 'self'; media-src https://static.cryptomator.org/; frame-src https://community.cryptomator.org/ https://www.youtube-nocookie.com/ https://js.stripe.com/ https://*.paddle.com/ https://www.google.com/; base-uri 'self'; form-action 'self' https://www.paypal.com/ https://www.coinpayments.net/; frame-ancestors 'none'" + Strict-Transport-Security = "max-age=31536000; includeSubDomains" + X-Content-Type-Options = "nosniff"
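Review bot: The `[server]` block appended to hugo.toml carries the development variant of the policy, so the stricter production variant deleted by this commit is no longer recorded in the repository as far as this diff shows: `connect-src` keeps `http://localhost:8787/` and the trailing `upgrade-insecure-requests` directive is gone. The commit message says these headers only apply locally, which matches Hugo applying `[server]` headers in its built-in dev server, but the page does not show where the deployed site's headers are set, so it is worth confirming that the hosting configuration still omits the localhost origin and keeps `upgrade-insecure-requests`. I would add a comment above `[server]` such as `# Used by "hugo server" only; production response headers are set at the host and must be kept in sync with this policy.` Separately, `'unsafe-eval'` in `script-src` and `'unsafe-inline'` in `style-src` are carried over unchanged and weaken the policy; a short comment naming which script or style needs each would make later tightening easier.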