leo
50c3c939b6
All checks were successful
continuous-integration/drone/push Build is passing
* implement calculating integrity for script, stylesheet assets * break out browser-sync loader script to its own file (instead of inline) * implement Content Security Policy that only allows BrowserSync scripts and hooks to load from localhost when DevelMode is enabled (i.e. not in production)
32 lines
1.4 KiB
Go HTML Template
32 lines
1.4 KiB
Go HTML Template
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
{{- if true -}}
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, height=device-height initial-scale=1.0, minimum-scale=1.0">
|
|
{{ else }}
|
|
{{htmlSafe "<!--[if IE 6]>"}}
|
|
<meta http-equiv="Content-Type" content="text/html; charset=Unicode">
|
|
{{htmlSafe "<![endif]-->"}}
|
|
{{ end -}}
|
|
<title>{{if .Title}}{{ .Title }} -{{end}} {{if .AppName}}{{ .AppName }}{{end}}</title>
|
|
{{- if .AppName -}}
|
|
<meta property="og:title" content="{{ .AppName }}">
|
|
<meta property="og:site_name" content="{{ .AppName }}">
|
|
{{- end -}}
|
|
<meta property="og:type" content="website">
|
|
<meta name="referrer" content="no-referrer, strict-origin-when-cross-origin">
|
|
|
|
<link rel="icon" href="/assets/img/logo-pcmt.svg" type="image/svg+xml">
|
|
<link href="/assets/css/pcmt.css" rel="preload" as="style" integrity="{{- sha384 "css/pcmt.css" -}}">
|
|
<link href="/assets/css/pcmt.css" rel="stylesheet" integrity="{{- sha384 "css/pcmt.css" -}}">
|
|
|
|
{{- if .DevelMode -}}
|
|
<meta http-equiv="content-security-policy" content="upgrade-insecure-requests; default-src 'self'; connect-src 'self' ws://localhost:3002 http://localhost:3002; script-src 'self' http://localhost:3002;"/>
|
|
<!-- inject browsersync script if running in devel mode -->
|
|
{{ template "browsersync.tmpl" }}
|
|
{{ else }}
|
|
<meta http-equiv="content-security-policy" content="upgrade-insecure-requests; default-src 'self'; connect-src 'self'; script-src 'self';"/>
|
|
{{- end -}}
|
|
</head>
|