author | Achilleas Pipinellis <axil@gitlab.com> | 2020-09-09 15:12:37 +0300 |
---|---|---|
committer | Jean du Plessis <jduplessis@gitlab.com> | 2020-09-09 15:12:37 +0300 |
commit | baf1605b9b7ff52ed1eba8e1a67bf3d0b026588f (patch) | |
tree | 849225002be670a1be60f3ea5f6c5d5bf08070d1 /layouts/head.html | |
parent | 91f5c6f438d9ffdaa02d8f313a05fe9414df407e (diff) |
Add Content Secure Policy headers
Diffstat (limited to 'layouts/head.html')
-rw-r--r-- | layouts/head.html | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/layouts/head.html b/layouts/head.html
index 71871884..d4fcd72f 100644
--- a/layouts/head.html
+++ b/layouts/head.html
@@ -20,6 +20,9 @@
 <% else %>
 <meta name="docsearch:version" content="master" />
 <% end %>
+<% if is_production? and ENV['CI_COMMIT_REF_NAME'] == 'master' %>
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none'; style-src 'self' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; font-src 'self' https://cdnjs.cloudflare.com;">
+<% end %>
 <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">
 <link rel="stylesheet" href="<%= @items['/assets/stylesheets/stylesheet.*'].path %>">
 <link rel="stylesheet" href="<%= @items['/assets/stylesheets/highlight.*'].path %>"> |
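Review bot: The policy in the added `<meta http-equiv="Content-Security-Policy">` line sets `default-src 'self'` but has no `base-uri` or `form-action`, and neither directive falls back to `default-src`, so an injected `<base>` element or form target stays unrestricted; appending `base-uri 'self'; form-action 'self';` to the `content` value would close that gap. Because the policy is delivered through a meta element and not a response header, `frame-ancestors`, `report-uri` and `sandbox` are ignored and there is no report-only mode, so framing protection and violation reporting still need a real header. `img-src https://*` accepts images from any HTTPS host; if the docs load images from a known set of origins, listing them would be tighter. The `is_production? and ENV['CI_COMMIT_REF_NAME'] == 'master'` guard means the policy is presumably not exercised in non-master builds, so a blocked script or style would first surface on the live site; a short comment above the condition saying why it is limited to master would help the next maintainer.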