From 73a563872e8fa94dfb186e459255f4e257249429 Mon Sep 17 00:00:00 2001 From: welpo Date: Wed, 22 Feb 2023 01:52:12 +0100 Subject: [PATCH] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20docs:=20fix=20typos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- content/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/security.md b/content/security.md index 10dfa1b..bda2613 100644 --- a/content/security.md +++ b/content/security.md @@ -7,7 +7,7 @@ tags = ["security", "showcase"] The default configuration of the theme gets an A+ score on [Mozilla Observatory](https://observatory.mozilla.org). -This is accomplished by programatically configuring Content Security Policy (CSP) headers based on a user-defined list of allowed domains in the theme's config.toml file. Here's the default and recommended setup (you could remove the last lines if you don't want to embed videos): +This is accomplished by programatically configuring Content Security Policy (CSP) headers based on a user-defined list of allowed domains in the theme's `config.toml` file. Here's the default and recommended setup (you could remove the last lines if you don't want to embed videos): ``` [extra] @@ -21,4 +21,4 @@ allowed_domains = [ The allowed_domains list specifies the URLs that the website should be able to connect to, and each domain in the list is associated with a CSP directive such as `frame-src`, `connect-src`, or `script-src`. The `templates/partials/header.html` file dynamically generates the CSP header based on this list. -This feature allows you to easily customize their website's security headers to allow for specific use cases, such as embedding YouTube videos, loading remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)) or scripts. +This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)) or scripts.