Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove need for 'unsafe-inline' in umo.ci CSP #336

Open
cyphar opened this issue Jun 27, 2020 · 1 comment
Open

remove need for 'unsafe-inline' in umo.ci CSP #336

cyphar opened this issue Jun 27, 2020 · 1 comment
Labels
cii/gold CII Best Practices [gold] security website umo.ci

Comments

@cyphar
Copy link
Member

cyphar commented Jun 27, 2020

Right now, hugo-theme-learn uses trivial inline JS and CSS which means we have to enable unsafe-inline in our Content-Security-Policy which reduces the benefit of CSPs. It might be necessary to switch themes, and it's no longer necessary to have a green theme since we aren't an openSUSE project anymore (maybe there's a readthedocs theme for Hugo?).
@cyphar
Copy link
Member Author

cyphar commented Jun 29, 2020
edited

I think we should switch themes. book and whisper look pretty reasonable, though docsy does seem more "professional".

@cyphar cyphar added the cii/gold CII Best Practices [gold] label Jun 29, 2020
@cyphar cyphar mentioned this issue Jul 1, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cii/gold CII Best Practices [gold] security website umo.ci
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cyphar