📝 docs: CSP requirements to use built-in syntax highlighting

Resolves #320.
2024-05-30 14:33:09 +02:00
parent 22925caf06
commit 3b0d7e5a66
5 changed files with 30 additions and 6 deletions
--- a/theme.toml
+++ b/theme.toml
@@ -221,6 +221,7 @@ encode_plaintext_email = true  # Setting is ignored if email is already encoded.
 # Default directive is self.
 # Default config, allows for https remote images and embedding YouTube and Vimeo content.
 # This configuration (along with the right webserver settings) gets an A+ in Mozilla's Observatory: https://observatory.mozilla.org
+# Note: to use a Zola built-in syntax highlighting theme, allow unsafe-inline for style-src.
 allowed_domains = [
    { directive = "font-src", domains = ["'self'", "data:"] },
    { directive = "img-src", domains = ["'self'", "https://*", "data:"] },