From 3fd0a25c70ec85bab724317e1ef21007e676b645 Mon Sep 17 00:00:00 2001 From: echarp Date: Sun, 7 May 2023 17:51:04 +0200 Subject: [PATCH] Integrity management for external js --- bin/acoeur.conf | 5 +++-- .../acoeur/layouts/partials/head-additions.html | 17 +++++++++++------ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/bin/acoeur.conf b/bin/acoeur.conf index 9298b2b..4535d98 100644 --- a/bin/acoeur.conf +++ b/bin/acoeur.conf @@ -7,7 +7,7 @@ AuthUserFile /home/manu/Adata/.htaccessPasswords - AuthName "Quiz d'A Livr'Ouvert" + AuthName "Moteur acoeur" AuthType Basic Require user mag manu amelie tiffany @@ -32,7 +32,8 @@ CustomLog /var/simpleWeb/log/apache/acoeur.log combined - Header always set Access-Control-Allow-Origin "cdnjs.cloudflare.com" + # Some level of protection against attacks + Header always set Access-Control-Allow-Origin "https://cdn.jsdelivr.net" diff --git a/themes/acoeur/layouts/partials/head-additions.html b/themes/acoeur/layouts/partials/head-additions.html index 7bb6153..a8de4fe 100644 --- a/themes/acoeur/layouts/partials/head-additions.html +++ b/themes/acoeur/layouts/partials/head-additions.html @@ -1,14 +1,14 @@ + src="https://cdn.jsdelivr.net/npm/tinymce@6.4.2/tinymce.min.js" + integrity="sha256-IkzPrE0TvQ1UKCWBCCRVNpDBU3CxMyQE6yLepGnV1sA=" + crossorigin="anonymous"> + src="https://cdn.jsdelivr.net/npm/easyqrcodejs@4.4.13/dist/easy.qrcode.min.js" + integrity="sha256-ysnj5Mp9adRzpXyhbGW2YTdUSpdapignH3Z57bMq6G8=" + crossorigin="anonymous"> {{ with resources.Get "js/misc.js" | minify | fingerprint }} @@ -41,3 +41,8 @@ {{ with resources.Get "js/prettify.js" | minify | fingerprint }} {{ end }} + + \ No newline at end of file