diff options
Diffstat (limited to 'content/posts/2021-10-19-hugo-csp-impedance-mismatch.md')
| -rw-r--r-- | content/posts/2021-10-19-hugo-csp-impedance-mismatch.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/content/posts/2021-10-19-hugo-csp-impedance-mismatch.md b/content/posts/2021-10-19-hugo-csp-impedance-mismatch.md index 081a883..e2abaa0 100644 --- a/content/posts/2021-10-19-hugo-csp-impedance-mismatch.md +++ b/content/posts/2021-10-19-hugo-csp-impedance-mismatch.md @@ -93,6 +93,8 @@ securityheaders.com][securityheaders-scan-results], I constrained `Access-Control-Allow-Origin`, added `Referrer-Policy`, and added `Permissions-Policy`. +**Update 2 (2021-10-25):** I went with [the nuclear option][nuclear-option]. + [csp]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP "Content-Security-Policy HTTP response header" [chroma]: https://github.com/alecthomas/chroma @@ -119,3 +121,5 @@ securityheaders.com][securityheaders-scan-results], I constrained "Create tables without Markdown" [securityheaders-scan-results]: https://securityheaders.com/?q=pablotron.org&hide=on&followRedirects=on "Scan results for this site from securityheaders.com" +[nuclear-option]: {{< relref "posts/2021-10-25-the-nuclear-option-no-more-unsafe-inline.md" >}} + "Table shortcode for Hugo, removal of unsafe-inline, and updated Security Headers scan result." |