[SITE] new CSP without 'unsafe-inline'
This commit is contained in:
parent
404e6f8d79
commit
30e00e09ad
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://*.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
|
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
|
||||||
//header("X-Content-Type-Options: nosniff"); // enabled at server-side
|
//header("X-Content-Type-Options: nosniff"); // enabled at server-side
|
||||||
//header("X-Frame-Options: deny"); // enabled at server-side
|
//header("X-Frame-Options: deny"); // enabled at server-side
|
||||||
//header("X-Xss-Protection: 1; mode=block"); // enabled at server-side
|
//header("X-Xss-Protection: 1; mode=block"); // enabled at server-side
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<!-- Piwik -->
|
<!-- Piwik -->
|
||||||
<script type="text/javascript">
|
<script type="text/javascript" nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
|
||||||
var _paq = _paq || [];
|
var _paq = _paq || [];
|
||||||
_paq.push(['trackPageView']);
|
_paq.push(['trackPageView']);
|
||||||
_paq.push(['enableLinkTracking']);
|
_paq.push(['enableLinkTracking']);
|
||||||
|
|
|
@ -40,7 +40,7 @@ echo js('assets/vendors/bootstrap/js/dist/carousel.js');
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<?php if (c::get('plg_masonry.enable') && $plg_masonry==true) : $width = c::get('plg_masonry.width');?>
|
<?php if (c::get('plg_masonry.enable') && $plg_masonry==true) : $width = c::get('plg_masonry.width');?>
|
||||||
<style>
|
<style nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
|
||||||
#masonry {margin: 0 auto;}
|
#masonry {margin: 0 auto;}
|
||||||
.masonryitem { width: <?php echo $width ?>px; margin-bottom: 10px;}
|
.masonryitem { width: <?php echo $width ?>px; margin-bottom: 10px;}
|
||||||
.masonryitem.w2 { width: 40%; }
|
.masonryitem.w2 { width: 40%; }
|
||||||
|
@ -48,7 +48,7 @@ echo js('assets/vendors/bootstrap/js/dist/carousel.js');
|
||||||
|
|
||||||
<?php echo js('assets/vendors/masonry/dist/masonry.pkgd.min.js');?>
|
<?php echo js('assets/vendors/masonry/dist/masonry.pkgd.min.js');?>
|
||||||
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript" nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
|
||||||
$('#masonry').masonry({
|
$('#masonry').masonry({
|
||||||
isFitWidth: true,
|
isFitWidth: true,
|
||||||
columnWidth: <?php echo c::get('plg_masonry.width') ?>,
|
columnWidth: <?php echo c::get('plg_masonry.width') ?>,
|
||||||
|
@ -60,7 +60,7 @@ echo js('assets/vendors/bootstrap/js/dist/carousel.js');
|
||||||
<?php echo js('assets/vendors/swipebox/src/js/jquery.swipebox.min.js');?>
|
<?php echo js('assets/vendors/swipebox/src/js/jquery.swipebox.min.js');?>
|
||||||
<?php echo css('assets/vendors/swipebox/src/css/swipebox.css') ?>
|
<?php echo css('assets/vendors/swipebox/src/css/swipebox.css') ?>
|
||||||
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript" nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
|
||||||
$(document).ready(function () {
|
$(document).ready(function () {
|
||||||
$('.swipebox' ).swipebox();
|
$('.swipebox' ).swipebox();
|
||||||
});
|
});
|
||||||
|
|
Loading…
Reference in a new issue