Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gethinode/mod-csp
A Hugo module to generate Content Security Policies for your Hinode site (work in progress)
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/gethinode/mod-csp
- Owner: gethinode
- License: mit
- Created: 2024-10-05T08:43:05.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-10-25T03:09:18.000Z (about 2 months ago)
- Last Synced: 2024-10-26T15:20:23.631Z (about 2 months ago)
- Language: HTML
- Homepage:
- Size: 555 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Hinode Module - Content Security Policies
A Hugo module to generate Content Security Policies for your Hinode site (work in progress)
## About
![Logo](https://raw.githubusercontent.com/gethinode/hinode/main/static/img/logo.png)
Hinode is a clean blog theme for [Hugo][hugo], an open-source static site generator. Hinode is available as a [template][repository_template], and a [main theme][repository]. This repository generates the site's server headers including content security policies. Visit the Hinode documentation site for [installation instructions][hinode_docs].
## Contributing
This module uses [semantic-release][semantic-release] to automate the release of new versions. The package uses `husky` and `commitlint` to ensure commit messages adhere to the [Conventional Commits][conventionalcommits] specification. You can run `npx git-cz` from the terminal to help prepare the commit message.
## Configuration
This module generates the server headers, including [Content Security Policies][csp], for a Hinode site. Templates are available for Netlify and the Hugo server.
Define the output files in your site configuration (typically `hugo.toml`). The following example defines two outputs generated in the build folder (usually `public`).
```toml
[outputFormats]

[outputFormats.headers]
mediaType = "application/toml"
baseName = "netlify"
isPlainText = true
notAlternative = true
permalinkable = true

[outputFormats.server]
mediaType = "application/toml"
baseName = "server"
isPlainText = true
notAlternative = true
permalinkable = true

[outputs]
home = ["headers", "server"]
```

Define the default (starter) policy in `data/server.toml`.
This module supports the following parameters (see the section `params.headers` in `config.toml`):
| Setting | Default | Description |
|---------------------------|---------|-------------|
| `headers..source` | | Defines an additional source file to be merged with the output. The source file should be defined in the `data` folder. Supported data formats are `JSON`, `TOML`, `YAML`, and `XML`. |

You can define Content Security Policies for each Hinode module. Hinode will merge these policies for each included module (either `core`, `optional`, or `critical`). Define each directive as an array type. Please refer to the [Quick Reference Guide][csp] for the available directives and supported values.
The following example defines the policies for `script-src` and `style-src` for the module `example`.
```toml
[params.modules.example.csp]
script-src = [
"//two.com",
"https:"
]
style-src = [
"'self'",
"'sha256-456'"
]
```

[hugo]: https://gohugo.io
[hinode_docs]: https://gethinode.com
[csp]: https://content-security-policy.com
[repository]: https://github.com/gethinode/hinode.git
[repository_template]: https://github.com/gethinode/template.git
[conventionalcommits]: https://www.conventionalcommits.org
[husky]: https://typicode.github.io/husky/
[semantic-release]: https://semantic-release.gitbook.io/
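
The per-module policies described under Configuration end up in one site-wide header, so a broad source in a single module widens the policy for every page. The following is an added example, not code from mod-csp: it assumes the merge is an ordered union per directive, and the `maps` module, the `BROAD` list and all function names are hypothetical.

```python
# Added example, not part of mod-csp. Assumption: merging means an ordered
# union of sources per directive across all included modules.

# Constructed input mirroring [params.modules.<name>.csp] tables. "example" is
# the table shown in the README; "maps" is a hypothetical second module.
MODULE_CSP = {
    "example": {
        "script-src": ["//two.com", "https:"],
        "style-src": ["'self'", "'sha256-456'"],
    },
    "maps": {
        "script-src": ["'self'", "//two.com"],
        "img-src": ["'self'"],
    },
}

# Sources that match far more than one origin or one hashed resource.
BROAD = {"*", "http:", "https:", "'unsafe-inline'", "'unsafe-eval'"}


def merge_policies(modules):
    """Union the sources of all modules per directive, keeping first-seen order."""
    merged = {}
    for csp in modules.values():
        for directive, sources in csp.items():
            if not isinstance(sources, list):
                raise TypeError(f"{directive} must be an array of sources")
            bucket = merged.setdefault(directive, [])
            for source in sources:
                if source not in bucket:
                    bucket.append(source)
    return merged


def render_header(merged):
    """Serialize the merged directives as a Content-Security-Policy value."""
    return "; ".join(f"{d} {' '.join(s)}" for d, s in merged.items())


def audit(modules):
    """List (directive, source, module) for every broad source a module adds."""
    return [(d, s, name) for name, csp in modules.items()
            for d, sources in csp.items() for s in sources if s in BROAD]


if __name__ == "__main__":
    print(render_header(merge_policies(MODULE_CSP)))
    for directive, source, module in audit(MODULE_CSP):
        print(f"review: module '{module}' adds {source} to {directive}")
```

Running the audit before deployment shows which module introduced a scheme-only source such as `https:`, which permits scripts from any HTTPS host once merged.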