Refactors style bundling so it's easy to avoid an insecure CSP

README.md

@@ -112,3 +112,12 @@ Deploy this Eleventy site in just a few clicks on these services:
 	- `_includes/layouts/post.njk`: the blog post template (wrapped into `base.njk`)
 - `_includes/postslist.njk` is a Nunjucks include and is a reusable component used to display a list of all the posts. `content/index.njk` has an example of how to use it.
 
+If your site enforces a Content Security Policy (as public-facing sites should), either, in `base.njk`, disable
+```html
+<style>{% getBundle "css" %}</style>
+```
+and enable
+```html
+<link rel="stylesheet" href="{% getBundleFileUrl "css" %}">
+```
+or configure the server with the CSP directive `style-src: 'unsafe-inline'` (which is less secure).

_includes/layouts/base.njk

@@ -30,6 +30,8 @@
 
 		{#- Render the CSS bundle using Inlined CSS (for the fastest site performance in production) #}
 		<style>{% getBundle "css" %}</style>
+		{#- Renders the CSS bundle using a separate file, if you can't set CSP directive style-src: 'unsafe-inline' #}
+		{#- <link rel="stylesheet" href="{% getBundleFileUrl "css" %}"> #}
 	</head>
 	<body>
 		<a href="#skip" class="visually-hidden">Skip to main content</a>

_includes/postslist.njk

@@ -1,4 +1,5 @@
-<ol reversed class="postlist" style="counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }}">
+{%- css %}.postlist { counter-reset: start-from {{ (postslistCounter or postslist.length) + 1 }} }{% endcss %}
+<ol reversed class="postlist">
 {% for post in postslist | reverse %}
 	<li class="postlist-item{% if post.url == url %} postlist-item-active{% endif %}">
 		<a href="{{ post.url }}" class="postlist-link">{% if post.data.title %}{{ post.data.title }}{% else %}<code>{{ post.url }}</code>{% endif %}</a>