From 12684be6aa9bde614b6066bdffad57564ce7a7e1 Mon Sep 17 00:00:00 2001 From: video-prize-ranch Date: Sun, 10 Apr 2022 11:21:41 -0400 Subject: [PATCH] Add manifest-src to CSP and add name to manifest (closes #27) --- pages/frontpage.go | 2 +- pages/gallery.go | 2 +- pages/media.go | 2 +- pages/post.go | 2 +- pages/tag.go | 2 +- pages/user.go | 2 +- static/favicon/site.webmanifest | 4 ++-- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/pages/frontpage.go b/pages/frontpage.go index b2d97a4..e5e77d0 100644 --- a/pages/frontpage.go +++ b/pages/frontpage.go @@ -8,7 +8,7 @@ import ( func HandleFrontpage(c *fiber.Ctx) error { utils.SetHeaders(c) c.Set("Cache-Control", "public,max-age=31557600") - c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") + c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") return c.Render("frontpage", fiber.Map{ "proto": c.Protocol(), diff --git a/pages/gallery.go b/pages/gallery.go index ea381b7..2c5de97 100644 --- a/pages/gallery.go +++ b/pages/gallery.go @@ -9,7 +9,7 @@ import ( func HandleGallery(c *fiber.Ctx) error { utils.SetHeaders(c) - c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") + c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") album, err := api.FetchAlbum(c.Params("galleryID")) if err != nil { diff --git a/pages/media.go b/pages/media.go index 1b959b8..22973d2 100644 --- a/pages/media.go +++ b/pages/media.go @@ -25,7 +25,7 @@ func HandleUserAvatar(c *fiber.Ctx) error { func handleMedia(c *fiber.Ctx, url string) error { utils.SetHeaders(c) - c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") + c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") res, err := http.Get(url) if err != nil { diff --git a/pages/post.go b/pages/post.go index 52d5c8f..47adec5 100644 --- a/pages/post.go +++ b/pages/post.go @@ -11,7 +11,7 @@ import ( func HandlePost(c *fiber.Ctx) error { utils.SetHeaders(c) - c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") + c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") post, err := api.FetchPosts(c.Params("postID")) if post.Id == "" { diff --git a/pages/tag.go b/pages/tag.go index 2187584..588375d 100644 --- a/pages/tag.go +++ b/pages/tag.go @@ -11,7 +11,7 @@ import ( func HandleTag(c *fiber.Ctx) error { utils.SetHeaders(c) c.Set("Cache-Control", "public,max-age=604800") - c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") + c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") page := "1" if c.Query("page") != "" { diff --git a/pages/user.go b/pages/user.go index 58e2a4c..793c6de 100644 --- a/pages/user.go +++ b/pages/user.go @@ -13,7 +13,7 @@ import ( func HandleUser(c *fiber.Ctx) error { utils.SetHeaders(c) c.Set("Cache-Control", "public,max-age=604800") - c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") + c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") page := "0" if c.Query("page") != "" { diff --git a/static/favicon/site.webmanifest b/static/favicon/site.webmanifest index 78fcc75..3b119b2 100644 --- a/static/favicon/site.webmanifest +++ b/static/favicon/site.webmanifest @@ -1,6 +1,6 @@ { - "name": "", - "short_name": "", + "name": "rimgo", + "short_name": "rimgo", "icons": [ { "src": "/static/favicon/android-chrome-192x192.png",