From 17fc295d3518d41e695e833f258ec9c4b7311218 Mon Sep 17 00:00:00 2001 From: MacRat Date: Sat, 27 Jan 2024 23:53:00 +0900 Subject: [PATCH] feat: set CSP header value --- builder/autoindex.go | 4 ++++ config.json | 2 +- pages/blog/2020/05/gandi-redirect-to-na-gcsip-com.md | 2 ++ pages/blog/2020/11/powershell-use-generic-class.md | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/builder/autoindex.go b/builder/autoindex.go index 7ee29244..d95d6a6b 100644 --- a/builder/autoindex.go +++ b/builder/autoindex.go @@ -590,6 +590,10 @@ func (g *IndexGenerator) generateConfig(dst fs.Writable, as ArticleList, conf Co }) for _, a := range as { + if len(a.Headers) == 0 { + continue + } + h := make(map[string]string) for k, v := range conf.Headers { diff --git a/config.json b/config.json index a24ae7b0..e397883e 100644 --- a/config.json +++ b/config.json @@ -5,7 +5,7 @@ "headers": { "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", - "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" + "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'" }, "redirects": [ {"source": "/about.html", "destination": "/about"}, diff --git a/pages/blog/2020/05/gandi-redirect-to-na-gcsip-com.md b/pages/blog/2020/05/gandi-redirect-to-na-gcsip-com.md index 28b13553..53946878 100644 --- a/pages/blog/2020/05/gandi-redirect-to-na-gcsip-com.md +++ b/pages/blog/2020/05/gandi-redirect-to-na-gcsip-com.md @@ -7,6 +7,8 @@ image: [/blog/2020/05/gandi-na-gcsip-com.png] faq: - question: Gandi.netにクレジットカードを登録するときに出てくる「na.gcsip.com」は安全? answer: Gandi.netが使用している正規の決済サービスのようです。なので多分大丈夫。 +headers: + Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline' https://platform.twitter.com/; style-src 'self' 'unsafe-inline' https://*.twitter.com/; img-src 'self' https://*.twitter.com/ https://*.twimg.com/; frame-src https://platform.twitter.com/ https://syndication.twitter.com/; frame-ancestors 'none'" --- # TL;DR diff --git a/pages/blog/2020/11/powershell-use-generic-class.md b/pages/blog/2020/11/powershell-use-generic-class.md index 2dce5381..f7967bac 100644 --- a/pages/blog/2020/11/powershell-use-generic-class.md +++ b/pages/blog/2020/11/powershell-use-generic-class.md @@ -9,6 +9,8 @@ faq: answer: 引数の型を丁寧に明示してあげると上手くいくことがあるようです。 - question: 'HashSet::newするときに「MethodException: Cannot find an overload for "new" and the argument count: "1".」ってエラーが出た。これは何?' answer: もしかしたら、引数の型が正しくないエラーかもしれません。 +headers: + Content-Security-Policy: "default-src 'self'; script-src 'self' 'unsafe-inline' https://platform.twitter.com/; style-src 'self' 'unsafe-inline' https://*.twitter.com/; img-src 'self' https://*.twitter.com/ https://*.twimg.com/; frame-src https://platform.twitter.com/ https://syndication.twitter.com/; frame-ancestors 'none'" --- [昨日の記事](/blog/2020/11/powershell-unique-value-count)の中で[System.Collections.Generic.HashSet<T>](https://docs.microsoft.com/ja-jp/dotnet/api/system.collections.generic.hashset-1)というクラスを使いました。