Merge pull request #447 from mattmoyer/website-security-headers

Add security headers to the website.
2021-02-23 14:39:31 -06:00 · 2021-02-23 14:39:31 -06:00 · 522210adb6
parent 60034b39a3 a4089fcc72
commit 522210adb6
3 changed files with 13 additions and 2 deletions
--- a/site/netlify.toml
+++ b/site/netlify.toml
@ -33,3 +33,11 @@ HUGO_ENABLEGITINFO = "true"
  for = "/fonts/*"
  [headers.values]
    Access-Control-Allow-Origin = "*"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Content-Security-Policy = "default-src 'self'; img-src *"
+    X-Content-Type-Options = "nosniff"
+    X-Frame-Options = "DENY"
+    X-XSS-Protection = "1; mode=block"
--- a/site/themes/pinniped/layouts/partials/header.html
+++ b/site/themes/pinniped/layouts/partials/header.html
@ -7,7 +7,7 @@
 			<li><a href="/blog/" {{ if or (eq .Page.Section "posts") (eq .Page.Section "tags") }}class="active"{{ end }}>Blog</a></li>
 			<li><a href="/docs/" {{ if (eq .Page.Section "docs") }}class="active"{{ end }}>Docs</a></li>
 		</ul>
-		<button type="button" class="mobile" onclick="mobileNavToggle()">
+		<button type="button" class="mobile" id="mobile-menu-button">
 			<img class="collapsed-icon" src="/img/hamburger.svg" alt="Mobile nav icon">
 			<img class="expanded-icon" src="/img/close.svg" alt="Mobile nav icon">
 		</button>
--- a/site/themes/pinniped/static/js/main.js
+++ b/site/themes/pinniped/static/js/main.js
@ -4,3 +4,6 @@ function mobileNavToggle() {
    var menu = document.getElementById("mobile-menu").parentElement;
    menu.classList.toggle('mobile-menu-visible');
 }
+document.addEventListener('DOMContentLoaded', function () {
+    document.getElementById('mobile-menu-button').addEventListener('click', mobileNavToggle);
+});