From b85269b1aa2859c1043b79c338079835fa57fb94 Mon Sep 17 00:00:00 2001 From: "P. Douglas Reeder" Date: Wed, 19 Apr 2023 00:34:18 -0400 Subject: [PATCH] Refactors style bundling so it's easy to avoid an insecure CSP --- README.md | 9 +++++++++ _includes/layouts/base.njk | 2 ++ _includes/postslist.njk | 3 ++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cafa910..927d5bb 100644 --- a/README.md +++ b/README.md @@ -112,3 +112,12 @@ Deploy this Eleventy site in just a few clicks on these services: - `_includes/layouts/post.njk`: the blog post template (wrapped into `base.njk`) - `_includes/postslist.njk` is a Nunjucks include and is a reusable component used to display a list of all the posts. `content/index.njk` has an example of how to use it. +If your site enforces a Content Security Policy (as public-facing sites should), either, in `base.njk`, disable +```html + +``` +and enable +```html + +``` +or configure the server with the CSP directive `style-src: 'unsafe-inline'` (which is less secure). diff --git a/_includes/layouts/base.njk b/_includes/layouts/base.njk index ab3154d..3b3226f 100644 --- a/_includes/layouts/base.njk +++ b/_includes/layouts/base.njk @@ -30,6 +30,8 @@ {#- Render the CSS bundle using Inlined CSS (for the fastest site performance in production) #} + {#- Renders the CSS bundle using a separate file, if you can't set CSP directive style-src: 'unsafe-inline' #} + {#- #} diff --git a/_includes/postslist.njk b/_includes/postslist.njk index 6fdc921..99272c5 100644 --- a/_includes/postslist.njk +++ b/_includes/postslist.njk @@ -1,4 +1,5 @@ -
    +{%- css %}.postlist { counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }} }{% endcss %} +
      {% for post in postslist | reverse %}
    1. {% if post.data.title %}{{ post.data.title }}{% else %}{{ post.url }}{% endif %}