Merge pull request #151 from DougReeder/style-src-self
Refactors style bundling so it's easy to avoid an insecure CSP
This commit is contained in:
commit
4f0a64d781
@ -112,3 +112,12 @@ Deploy this Eleventy site in just a few clicks on these services:
|
||||
- `_includes/layouts/post.njk`: the blog post template (wrapped into `base.njk`)
|
||||
- `_includes/postslist.njk` is a Nunjucks include and is a reusable component used to display a list of all the posts. `content/index.njk` has an example of how to use it.
|
||||
|
||||
If your site enforces a Content Security Policy (as public-facing sites should), either, in `base.njk`, disable
|
||||
```html
|
||||
<style>{% getBundle "css" %}</style>
|
||||
```
|
||||
and enable
|
||||
```html
|
||||
<link rel="stylesheet" href="{% getBundleFileUrl "css" %}">
|
||||
```
|
||||
or configure the server with the CSP directive `style-src: 'unsafe-inline'` (which is less secure).
|
||||
|
@ -30,6 +30,8 @@
|
||||
|
||||
{#- Render the CSS bundle using Inlined CSS (for the fastest site performance in production) #}
|
||||
<style>{% getBundle "css" %}</style>
|
||||
{#- Renders the CSS bundle using a separate file, if you can't set CSP directive style-src: 'unsafe-inline' #}
|
||||
{#- <link rel="stylesheet" href="{% getBundleFileUrl "css" %}"> #}
|
||||
</head>
|
||||
<body>
|
||||
<a href="#skip" class="visually-hidden">Skip to main content</a>
|
||||
|
@ -1,4 +1,5 @@
|
||||
<ol reversed class="postlist" style="counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }}">
|
||||
{%- css %}.postlist { counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }} }{% endcss %}
|
||||
<ol reversed class="postlist">
|
||||
{% for post in postslist | reverse %}
|
||||
<li class="postlist-item{% if post.url == url %} postlist-item-active{% endif %}">
|
||||
<a href="{{ post.url }}" class="postlist-link">{% if post.data.title %}{{ post.data.title }}{% else %}<code>{{ post.url }}</code>{% endif %}</a>
|
||||
|
Loading…
Reference in New Issue
Block a user