✨ feat: allow disabling CSP, following the hierarchy

Introduces new option `enable_csp`, true by default. Can be set on a page, section or globally.
2024-03-15 15:04:37 +01:00
parent 8537bbc10e
commit 5e0cbdd67d
10 changed files with 30 additions and 7 deletions
--- a/config.toml
+++ b/config.toml
@@ -263,6 +263,10 @@ allowed_domains = [
    { directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com"] },
 ]

+# Enable the CSP directives configured (or default).
+# Can be set at page or section levels, following the hierarchy: page > section > config. See: https://welpo.github.io/tabi/blog/mastering-tabi-settings/#settings-hierarchy
+enable_csp = true
+
 # Custom subset of characters for the header.
 # If set to true, the `static/custom_subset.css` file will be loaded first.
 # This avoids a flashing text issue in Firefox.