From e83480fdae73b3a8bddb5e0018caeab0ca99a016 Mon Sep 17 00:00:00 2001 From: Thomas Philipona Date: Tue, 26 Nov 2024 11:27:33 +0100 Subject: [PATCH 1/8] Move headers to index.headers --- layouts/index.headers | 4 ++-- netlify.toml | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/layouts/index.headers b/layouts/index.headers index 171213a2..b4679e79 100644 --- a/layouts/index.headers +++ b/layouts/index.headers @@ -2,8 +2,8 @@ Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block - Content-Security-Policy: default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-Sz0IuK/4LfFJVp69F4UHK80xoxDZLOBPMJhPi0XZl3A='; style-src 'self' 'unsafe-inline' - X-Frame-Options: SAMEORIGIN + Content-Security-Policy = "connect-src * 'self';" + X-Frame-Options: SAMEORIGIN Referrer-Policy: strict-origin Cache-Control: public, max-age=31536000 Access-Control-Allow-Origin: {{ .Site.BaseURL }} diff --git a/netlify.toml b/netlify.toml index 0b2bee89..2fb4a03d 100644 --- a/netlify.toml +++ b/netlify.toml @@ -43,7 +43,5 @@ publish = "public" autoLaunch = false -[[headers]] - for = "/*" - [headers.values] - Content-Security-Policy = "connect-src * 'self';" + + # Content-Security-Policy: default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk=' 'sha256-Sz0IuK/4LfFJVp69F4UHK80xoxDZLOBPMJhPi0XZl3A='; style-src 'self' 'unsafe-inline' \ No newline at end of file From 92a08829af1150c02a217392c64273c452671e9a Mon Sep 17 00:00:00 2001 From: Thomas Philipona Date: Tue, 26 Nov 2024 11:30:16 +0100 Subject: [PATCH 2/8] Add script --- layouts/partials/head/head.html | 1 + 1 file changed, 1 insertion(+) diff --git a/layouts/partials/head/head.html b/layouts/partials/head/head.html index cbf4c755..3cc3882f 100644 --- a/layouts/partials/head/head.html +++ b/layouts/partials/head/head.html @@ -7,4 +7,5 @@ {{ block "head/seo" . }}{{ partial "head/seo.html" . }}{{ end }} {{ block "head/favicons" . }}{{ partial "head/favicons.html" . }}{{ end }} {{ block "head/script-header" . }}{{ partial "head/script-header.html" . }}{{ end }} + From b01cf2ece05c030fbdf43609f7bd54366f21fadb Mon Sep 17 00:00:00 2001 From: Thomas Philipona Date: Tue, 26 Nov 2024 11:35:29 +0100 Subject: [PATCH 3/8] Add script and Datenschutz remark --- content/en/datenschutzerklaerung.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/datenschutzerklaerung.md b/content/en/datenschutzerklaerung.md index deac95de..2a9730df 100644 --- a/content/en/datenschutzerklaerung.md +++ b/content/en/datenschutzerklaerung.md @@ -194,7 +194,7 @@ Darüber hinaus gelten jeweils die Allgemeinen Geschäftsbedingungen (AGB) und N ## 9. Cookies und weitere Tracking-Technologien -Diese Website verwendet keine Cookies oder andere Tracking-Tools. +Diese Website verwendet keine Cookies. Zur Analyse des Nutzungsverhalten der Website Besucher setzen wir das Cookie freie Analyticstool von ein.