From a4089fcc72c40575c2572ca34be953b680d2ce90 Mon Sep 17 00:00:00 2001 From: Matt Moyer Date: Tue, 23 Feb 2021 14:26:58 -0600 Subject: [PATCH] Add security headers to the website. The one bit of JS we have for the mobile menu needed some tweaking. Signed-off-by: Matt Moyer --- site/netlify.toml | 8 ++++++++ site/themes/pinniped/layouts/partials/header.html | 2 +- site/themes/pinniped/static/js/main.js | 5 ++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/site/netlify.toml b/site/netlify.toml index ba32a73e..3118ada5 100644 --- a/site/netlify.toml +++ b/site/netlify.toml @@ -33,3 +33,11 @@ HUGO_ENABLEGITINFO = "true" for = "/fonts/*" [headers.values] Access-Control-Allow-Origin = "*" + +[[headers]] + for = "/*" + [headers.values] + Content-Security-Policy = "default-src 'self'; img-src *" + X-Content-Type-Options = "nosniff" + X-Frame-Options = "DENY" + X-XSS-Protection = "1; mode=block" \ No newline at end of file diff --git a/site/themes/pinniped/layouts/partials/header.html b/site/themes/pinniped/layouts/partials/header.html index a1c9b005..9c6cf038 100644 --- a/site/themes/pinniped/layouts/partials/header.html +++ b/site/themes/pinniped/layouts/partials/header.html @@ -7,7 +7,7 @@
  • Blog
  • Docs
  • - diff --git a/site/themes/pinniped/static/js/main.js b/site/themes/pinniped/static/js/main.js index 8429fd75..8a96e2b7 100644 --- a/site/themes/pinniped/static/js/main.js +++ b/site/themes/pinniped/static/js/main.js @@ -3,4 +3,7 @@ function mobileNavToggle() { var menu = document.getElementById("mobile-menu").parentElement; menu.classList.toggle('mobile-menu-visible'); -} \ No newline at end of file +} +document.addEventListener('DOMContentLoaded', function () { + document.getElementById('mobile-menu-button').addEventListener('click', mobileNavToggle); +}); \ No newline at end of file