A Hugo module to generate Content Security Policies for your Hinode site

gethinode/mod-csp

Hinode Module - Content Security Policies

A Hugo module to generate Content Security Policies for your Hinode site (work in progress)

About

Hinode is a clean blog theme for Hugo, an open-source static site generator. Hinode is available as a template and as a main theme. This repository generates the site's server headers, including Content Security Policies. Visit the Hinode documentation site for installation instructions.

Contributing

This module uses semantic-release to automate the release of new versions. The package uses husky and commitlint to ensure commit messages adhere to the Conventional Commits specification. You can run npx git-cz from the terminal to help prepare the commit message.

Configuration

This module generates the server headers including Content Security Policies for a Hinode site. Templates are available for Netlify and the hugo server.

Define the output files in your site configuration (typically hugo.toml). The following example defines two outputs generated in the build folder (usually public).

[outputFormats]
  [outputFormats.headers]
    mediaType = "application/toml"
    baseName = "netlify"
    isPlainText = true
    notAlternative = true
    permalinkable = true
  [outputFormats.server]
    mediaType = "application/toml"
    baseName = "server"
    isPlainText = true
    notAlternative = true
    permalinkable = true

[outputs]
home = ["headers", "server"]

Define the default (starter) policy in data/server.toml.

This module supports the following parameters (see the section params.headers in config.toml):

| Setting | Default | Description |
|---|---|---|
| headers.<output>.source | | Defines an additional source file to be merged with the output. The source file should be defined in the data folder. Supported data formats are JSON, TOML, YAML, and XML. |

You can define Content Security Policies for each Hinode module. Hinode will merge these policies for each included module (either core, optional, or critical). Define each directive as an array type. Please refer to the Quick Reference Guide for the available directives and supported values.

The following example defines the policies for script-src and style-src for the module example.

[params.modules.example.csp]
    script-src = [
        "//two.com",
        "https:"
    ]
    style-src = [
        "'self'",
        "'sha256-456'"
    ]
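
The per-module merge described above, sketched in Go as an added example (not code from this module). It assumes the merge is a plain per-directive union; `Policy`, `Merge` and `Audit` are hypothetical names, and the `core` policy is constructed. Because a union is as permissive as its broadest contributor, the audit step flags sources such as `https:` that one module adds for the whole site.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Policy maps a CSP directive name to its list of source expressions.
type Policy map[string][]string

// Merge unions the policies per directive and drops duplicate sources.
// Assumption: a plain union; the module's own merge rules may differ.
func Merge(policies ...Policy) Policy {
	out, seen := Policy{}, map[string]bool{}
	for _, p := range policies {
		for dir, srcs := range p {
			for _, src := range srcs {
				if !seen[dir+" "+src] {
					seen[dir+" "+src] = true
					out[dir] = append(out[dir], src)
				}
			}
		}
	}
	return out
}

// Audit lists sources that widen the merged policy for the whole site:
// "*", the 'unsafe-*' keywords and scheme-only sources such as "https:".
func Audit(p Policy) []string {
	var findings []string
	for dir, srcs := range p {
		for _, src := range srcs {
			if src == "*" || strings.HasPrefix(src, "'unsafe-") || strings.HasSuffix(src, ":") {
				findings = append(findings, dir+": "+src)
			}
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	// "core" is a constructed baseline; "example" is the module policy from the README.
	core := Policy{"script-src": {"'self'"}, "style-src": {"'self'"}}
	example := Policy{"script-src": {"//two.com", "https:"}, "style-src": {"'self'", "'sha256-456'"}}
	merged := Merge(core, example)
	fmt.Println(merged["script-src"], merged["style-src"], Audit(merged))
}
```
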
