From e316dc25ab649528be19d3f4b3ef165cbd976a2b Mon Sep 17 00:00:00 2001 From: welpo Date: Mon, 22 May 2023 18:28:09 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20docs:=20rephrase=20last=20senten?= =?UTF-8?q?ce?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- content/blog/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/blog/security.md b/content/blog/security.md index 7431faf..d8170d4 100644 --- a/content/blog/security.md +++ b/content/blog/security.md @@ -1,7 +1,7 @@ +++ title = "Secure by default" date = 2023-02-22 -updated = 2023-04-29 +updated = 2023-05-22 description = "tabi has an easily customizable Content Security Policy (CSP) with safe defaults. Get peace of mind and an A+ on Mozilla Observatory." [taxonomies] @@ -25,6 +25,6 @@ allowed_domains = [ The `allowed_domains` list specifies the URLs that the website should be able to connect to, and each domain in the list is associated with a CSP directive such as `frame-src`, `connect-src`, or `script-src`. The `templates/partials/header.html` file dynamically generates the CSP header based on this list. -This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)) or scripts. +This feature allows you to easily customize the website's security headers to allow for specific use cases, such as embedding YouTube videos, loading scripts or remote fonts ([not recommended](https://www.albertovarela.net/blog/2022/11/stop-using-google-fonts/)). [^1]: Requires proper webserver configuration (e.g. redirecting HTTP traffic to HTTPS).