Add manifest-src to CSP and add name to manifest (closes #27)

2022-04-10 11:21:41 -04:00 · 2022-04-10 11:21:41 -04:00 · 12684be6aa
parent 94b74675b1
commit 12684be6aa
7 changed files with 8 additions and 8 deletions
--- a/pages/frontpage.go
+++ b/pages/frontpage.go
@ -8,7 +8,7 @@ import (
 func HandleFrontpage(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
 	c.Set("Cache-Control", "public,max-age=31557600")
-	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 	return c.Render("frontpage", fiber.Map{
 		"proto": c.Protocol(),
--- a/pages/gallery.go
+++ b/pages/gallery.go
@ -9,7 +9,7 @@ import (
 func HandleGallery(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
-	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 	album, err := api.FetchAlbum(c.Params("galleryID"))
 	if err != nil {
--- a/pages/media.go
+++ b/pages/media.go
@ -25,7 +25,7 @@ func HandleUserAvatar(c *fiber.Ctx) error {
 func handleMedia(c *fiber.Ctx, url string) error {
 	utils.SetHeaders(c)
-	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 	res, err := http.Get(url)
 	if err != nil {
--- a/pages/post.go
+++ b/pages/post.go
@ -11,7 +11,7 @@ import (
 func HandlePost(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
-	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 	post, err := api.FetchPosts(c.Params("postID"))
 	if post.Id == "" {
--- a/pages/tag.go
+++ b/pages/tag.go
@ -11,7 +11,7 @@ import (
 func HandleTag(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
 	c.Set("Cache-Control", "public,max-age=604800")
-	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 	page := "1"
 	if c.Query("page") != "" {
--- a/pages/user.go
+++ b/pages/user.go
@ -13,7 +13,7 @@ import (
 func HandleUser(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
 	c.Set("Cache-Control", "public,max-age=604800")
-	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
 	page := "0"
 	if c.Query("page") != "" {
--- a/static/favicon/site.webmanifest
+++ b/static/favicon/site.webmanifest
@ -1,6 +1,6 @@
 {
-    "name": "",
+    "name": "rimgo",
-    "short_name": "",
+    "short_name": "rimgo",
    "icons": [
        {
            "src": "/static/favicon/android-chrome-192x192.png",