From a4089fcc72c40575c2572ca34be953b680d2ce90 Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyerm@vmware.com>
Date: Tue, 23 Feb 2021 14:26:58 -0600
Subject: [PATCH] Add security headers to the website.

The one bit of JS we have for the mobile menu needed some tweaking.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
---
 site/netlify.toml                                 | 8 ++++++++
 site/themes/pinniped/layouts/partials/header.html | 2 +-
 site/themes/pinniped/static/js/main.js            | 5 ++++-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/site/netlify.toml b/site/netlify.toml
index ba32a73e..3118ada5 100644
--- a/site/netlify.toml
+++ b/site/netlify.toml
@@ -33,3 +33,11 @@ HUGO_ENABLEGITINFO = "true"
   for = "/fonts/*"
   [headers.values]
     Access-Control-Allow-Origin = "*"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Content-Security-Policy = "default-src 'self'; img-src *"
+    X-Content-Type-Options = "nosniff"
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "1; mode=block"
\ No newline at end of file
diff --git a/site/themes/pinniped/layouts/partials/header.html b/site/themes/pinniped/layouts/partials/header.html
index a1c9b005..9c6cf038 100644
--- a/site/themes/pinniped/layouts/partials/header.html
+++ b/site/themes/pinniped/layouts/partials/header.html
@@ -7,7 +7,7 @@
 			<li><a href="/blog/" {{ if or (eq .Page.Section "posts") (eq .Page.Section "tags") }}class="active"{{ end }}>Blog</a></li>
 			<li><a href="/docs/" {{ if (eq .Page.Section "docs") }}class="active"{{ end }}>Docs</a></li>
 		</ul>
-		<button type="button" class="mobile" onclick="mobileNavToggle()">
+		<button type="button" class="mobile" id="mobile-menu-button">
 			<img class="collapsed-icon" src="/img/hamburger.svg" alt="Mobile nav icon">
 			<img class="expanded-icon" src="/img/close.svg" alt="Mobile nav icon">
 		</button>
diff --git a/site/themes/pinniped/static/js/main.js b/site/themes/pinniped/static/js/main.js
index 8429fd75..8a96e2b7 100644
--- a/site/themes/pinniped/static/js/main.js
+++ b/site/themes/pinniped/static/js/main.js
@@ -3,4 +3,7 @@
 function mobileNavToggle() {
     var menu = document.getElementById("mobile-menu").parentElement;
     menu.classList.toggle('mobile-menu-visible');
-}
\ No newline at end of file
+}
+document.addEventListener('DOMContentLoaded', function () {
+    document.getElementById('mobile-menu-button').addEventListener('click', mobileNavToggle);
+});
\ No newline at end of file