1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-09-15 18:57:04 +00:00

Avoid extra HTTP request for fetching custom stylesheet

Use inline CSS with a nonce and move CSP headers to a meta tag.
This commit is contained in:
Frédéric Guillot 2021-05-31 14:16:50 -07:00 committed by fguillot
parent 09be3d2bac
commit dd3f496d06
5 changed files with 14 additions and 21 deletions

View file

@ -31,8 +31,13 @@
<meta name="theme-color" content="{{ theme_color .theme }}">
<link rel="stylesheet" type="text/css" href="{{ route "stylesheet" "name" .theme }}?{{ .theme_checksum }}">
{{ if and .user .user.Stylesheet }}
<link rel="stylesheet" type="text/css" href="{{ route "stylesheet" "name" "custom_css" }}?{{ rand }}">
{{ $stylesheetNonce := nonce }}
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * data:; media-src *; frame-src *; style-src 'nonce-{{ $stylesheetNonce }}'">
<style nonce="{{ $stylesheetNonce }}">{{ .user.Stylesheet | safeCSS }}</style>
{{ else }}
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * data:; media-src *; frame-src *">
{{ end }}
<script src="{{ route "javascript" "name" "app" }}?{{ .app_js_checksum }}" defer></script>