_includes/seo.html in featherweight-0.6.3 vs _includes/seo.html in featherweight-0.7
- old
+ new
@@ -2,11 +2,19 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="description" content="{% if page.description %}{{ page.description }}{% else %}{{ site.description }}{% endif %}">
-<link rel="alternate" type="application/rss+xml" title="{{ site.name }}" href="{{ "/feed.xml" | prepend: site.url }}">
-<link rel="sitemap" type="application/xml" title="Sitemap" href="{{ "/sitemap.xml" | prepend: site.url }}" />
+<!-- CSP
+JS: only allow scripts from the same domain and inline scripts
+CSS: only allow styles from the same domain and inline styles
+IMG / MEDIA: allow from any domain
+-->
+<meta http-equiv='Content-Security-Policy' content="default-src 'self' ; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' *; media-src 'self' *;">
+
+<!-- sitemap and rss feed -->
+<link rel="alternate" type="application/rss+xml" title="{{ site.name }}" href="{{ '/feed.xml' | prepend: site.url }}">
+<link rel="sitemap" type="application/xml" title="Sitemap" href="{{ '/sitemap.xml' | prepend: site.url }}" />
<link rel="canonical" href="{{ page.url | replace:'index.html','' | prepend: site.url }}">
<!-- Google site verification -->
<meta name="google-site-verification" content="{{ site.google-site-verification }}" />
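Review bot: The new `Content-Security-Policy` meta line keeps `'unsafe-inline'` in `script-src`, which permits any inline `<script>` or `on*` handler that ends up in the page, so the policy does little against injected markup, the main thing a CSP is for. If the theme's inline scripts can be moved into same-origin files (not visible from this hunk), tighten it to `script-src 'self';` and add `base-uri 'self'; object-src 'none';`; otherwise allow only the known inline blocks by hash (`'sha256-<HASH_PLACEHOLDER>'`). A policy delivered through `<meta>` also ignores `frame-ancestors`, `report-uri` and `sandbox`, so framing protection and violation reporting still need a response header from the host, and the CSP comment above the tag should say so. The hunk header counts three more lines per side than are shown here, so anything beyond the google-site-verification line was not reviewed.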