From c2f73fae28d1ff85bac3cf279cac85e7146bf645 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:46:18 -0700 Subject: [PATCH 1/9] feat: add CSP --- _includes/meta.html | 1 + 1 file changed, 1 insertion(+) diff --git a/_includes/meta.html b/_includes/meta.html index f8e967da..59893047 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -34,3 +34,4 @@ + From cb0a192a2943721558474778b2e9d5130fdc8863 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:47:39 -0700 Subject: [PATCH 2/9] fix --- _includes/meta.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_includes/meta.html b/_includes/meta.html index 59893047..deeb4edd 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -34,4 +34,4 @@ - + From 17b042f0b96ea2ff14b0a39a203ca0a727d2fa5c Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:57:37 -0700 Subject: [PATCH 3/9] move to jekyll config --- _config.yaml | 4 ++++ _includes/meta.html | 1 - 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/_config.yaml b/_config.yaml index 697342d1..4b5b2c0d 100644 --- a/_config.yaml +++ b/_config.yaml @@ -9,4 +9,8 @@ defaults: values: layout: "page" +webrick: + headers: + Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests; + exclude: ["README.md"] diff --git a/_includes/meta.html b/_includes/meta.html index deeb4edd..f8e967da 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -34,4 +34,3 @@ - From 54b49a6c47fe6f74a6638015eb4bcc9141e30ac0 Mon Sep 17 00:00:00 2001 
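Review bot: The `webrick:` / `headers:` block only configures the WEBrick server that `jekyll serve` starts, so as far as this hunk goes the CSP is emitted during local development and not by whatever serves the generated `_site`, which is where the policy has to be enforced. A static host needs the header set through its own mechanism (a host-specific headers file or the CDN/edge configuration); without that, production visitors get no CSP at all. If the intent is only to exercise the policy locally, a comment such as `# dev-server only: production headers must be set at the host` above `webrick:` would make that explicit.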
From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:59:25 -0700 Subject: [PATCH 4/9] fix --- _config.yaml | 4 ---- _headers | 2 ++ 2 files changed, 2 insertions(+), 4 deletions(-) create mode 100644 _headers diff --git a/_config.yaml b/_config.yaml index 4b5b2c0d..697342d1 100644 --- a/_config.yaml +++ b/_config.yaml @@ -9,8 +9,4 @@ defaults: values: layout: "page" -webrick: - headers: - Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests; - exclude: ["README.md"] diff --git a/_headers b/_headers new file mode 100644 index 00000000..f9db5a62 --- /dev/null +++ b/_headers @@ -0,0 +1,2 @@ +/* + Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests; From bf414259d5f2266b83023470f94455e0ec15e585 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Wed, 19 Mar 2025 19:17:49 -0700 Subject: [PATCH 5/9] add other options --- _headers | 3 +++ 1 file changed, 3 insertions(+) diff --git a/_headers b/_headers index f9db5a62..90045345 100644 --- a/_headers +++ b/_headers @@ -1,2 +1,5 @@ /* + X-Frame-Options: DENY + X-Content-Type-Options: nosniff + Referrer-Policy: no-referrer Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests; From 697df17d9e3d8a6e6769f54e9c92316d80802373 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Wed, 19 Mar 2025 19:20:04 -0700 Subject: [PATCH 6/9] temp remove csp --- _headers | 1 - 1 file changed, 1 deletion(-) 
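Review bot: The new header set under `/*` has no `Strict-Transport-Security`, which is the one transport-level header a static site can still add in this file; `upgrade-insecure-requests` in the CSP only rewrites requests issued from an already-loaded page and does nothing for a visitor's first plaintext navigation. If the site and every subdomain are served over HTTPS only, add `Strict-Transport-Security: max-age=31536000; includeSubDomains` in the same block (use a shorter `max-age` for the first rollout and leave `preload` off until the domain is deliberately submitted). `X-Frame-Options: DENY` duplicates `frame-ancestors 'none'` from the CSP, but it is a harmless fallback for browsers without CSP2 support, so keeping it is fine.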
diff --git a/_headers b/_headers index 90045345..142fbb06 100644 --- a/_headers +++ b/_headers @@ -2,4 +2,3 @@ X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: no-referrer - Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests; From b0608aae1da840f13bd1961398e7ec8443cee385 Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Sun, 23 Mar 2025 12:56:26 -0700 Subject: [PATCH 7/9] include headers --- _config.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/_config.yaml b/_config.yaml index 697342d1..37392046 100644 --- a/_config.yaml +++ b/_config.yaml @@ -10,3 +10,4 @@ defaults: layout: "page" exclude: ["README.md"] +include: ["_headers"] From db72da2aa7f8efb9f1ca0ebe09180b884372825a Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Sun, 23 Mar 2025 12:58:38 -0700 Subject: [PATCH 8/9] add back csp --- _headers | 1 + 1 file changed, 1 insertion(+) diff --git a/_headers b/_headers index 142fbb06..90045345 100644 --- a/_headers +++ b/_headers @@ -2,3 +2,4 @@ X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: no-referrer + Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests; From a0d166f1ca365314826b49730ab69ab9d4e39c9e Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Sun, 23 Mar 2025 13:06:01 -0700 Subject: [PATCH 9/9] Update _headers --- _headers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_headers b/_headers index 90045345..e913c495 100644 --- a/_headers +++ b/_headers 
@@ -2,4 +2,4 @@
 X-Frame-Options: DENY
 X-Content-Type-Options: nosniff
 Referrer-Policy: no-referrer
- Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-url 'none'; sandbox; upgrade-insecure-requests;
+ Content-Security-Policy: default-src 'none'; style-src-elem 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; sandbox; upgrade-insecure-requests;
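Review bot: `style-src-elem 'self'` is the only stylesheet directive in the corrected policy, so a browser that does not implement the `-elem`/`-attr` split falls back to `style-src`, which is absent, and then to `default-src 'none'`, rendering the site with every stylesheet blocked. `style-src 'self'` is understood by every CSP-capable browser and is at least as strict (`'self'` does not permit inline styles), so I would write the directive as `style-src 'self'`, or keep both as `style-src 'self'; style-src-elem 'self'`. Separately, `sandbox` with no `allow-*` flags gives each page an opaque origin and blocks popups, so any `target="_blank"` link or `window.open` on the site will be blocked — confirm the theme does not rely on those, or add `allow-popups`. Rolling the policy out first as `Content-Security-Policy-Report-Only` with the same value would surface both issues in the browser console before anything is blocked for visitors.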