pcmt/templates/head.tmpl
leo 50c3c939b6
All checks were successful
continuous-integration/drone/push Build is passing
head.tmpl: add Content Security Policy meta attr
* implement calculating integrity for script, stylesheet assets
* break out browser-sync loader script to its own file (instead of
  inline)
* implement Content Security Policy that only allows BrowserSync scripts
  and hooks to load from localhost when DevelMode is enabled (i.e. not
  in production)
2023-05-15 14:12:39 +02:00

32 lines
1.4 KiB
Go HTML Template

<!DOCTYPE html>
<html>
<head>
{{- if true -}}
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, height=device-height initial-scale=1.0, minimum-scale=1.0">
{{ else }}
{{htmlSafe "<!--[if IE 6]>"}}
<meta http-equiv="Content-Type" content="text/html; charset=Unicode">
{{htmlSafe "<![endif]-->"}}
{{ end -}}
<title>{{if .Title}}{{ .Title }} -{{end}} {{if .AppName}}{{ .AppName }}{{end}}</title>
{{- if .AppName -}}
<meta property="og:title" content="{{ .AppName }}">
<meta property="og:site_name" content="{{ .AppName }}">
{{- end -}}
<meta property="og:type" content="website">
<meta name="referrer" content="no-referrer, strict-origin-when-cross-origin">
<link rel="icon" href="/assets/img/logo-pcmt.svg" type="image/svg+xml">
<link href="/assets/css/pcmt.css" rel="preload" as="style" integrity="{{- sha384 "css/pcmt.css" -}}">
<link href="/assets/css/pcmt.css" rel="stylesheet" integrity="{{- sha384 "css/pcmt.css" -}}">
{{- if .DevelMode -}}
<meta http-equiv="content-security-policy" content="upgrade-insecure-requests; default-src 'self'; connect-src 'self' ws://localhost:3002 http://localhost:3002; script-src 'self' http://localhost:3002;"/>
<!-- inject browsersync script if running in devel mode -->
{{ template "browsersync.tmpl" }}
{{ else }}
<meta http-equiv="content-security-policy" content="upgrade-insecure-requests; default-src 'self'; connect-src 'self'; script-src 'self';"/>
{{- end -}}
</head>