From 9157b308667ac02931bb4488dc8a4361e0f9b4a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Gaya?= <sebastien.gaya@gmail.com>
Date: Mon, 24 Jul 2023 15:37:43 +0200
Subject: [PATCH] strict csp based on data website

---
 layouts/partials/head/csp.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/layouts/partials/head/csp.html b/layouts/partials/head/csp.html
index 2fc5f806..82d5cb22 100644
--- a/layouts/partials/head/csp.html
+++ b/layouts/partials/head/csp.html
@@ -1,3 +1,5 @@
+{{- with site.Data.website.external_domains -}}
 <meta
   http-equiv="Content-Security-Policy"
-  content="default-src 'self' https://* {{ if not hugo.IsProduction }}'unsafe-inline'{{ end }}" />
\ No newline at end of file
+  content="default-src 'self' {{ delimit . " " }} {{ if not hugo.IsProduction }}'unsafe-inline'{{ end }}" />
+{{- end -}}
\ No newline at end of file
-- 
GitLab