Fossil SCM
Fix typo in default-src direcive spec.
Commit
f64f757edad53ee768ce3624b43cbab2d72b173282ea65eb0d49a699f33d7a10
Parent
22d28547b7d0595…
1 file changed
+2
-2
+2
-2
| --- www/defcsp.md | ||
| +++ www/defcsp.md | ||
| @@ -319,20 +319,20 @@ | ||
| 319 | 319 | |
| 320 | 320 | The best place to do that is from the [`th1-setup` |
| 321 | 321 | script](./th1-hooks.md), which runs before TH1 processing happens during |
| 322 | 322 | skin processing: |
| 323 | 323 | |
| 324 | - $ fossil set th1-setup "set default_csp {default-src: 'self'}" | |
| 324 | + $ fossil set th1-setup "set default_csp {default-src 'self'}" | |
| 325 | 325 | |
| 326 | 326 | This is the cleanest method, allowing you to set a custom CSP without |
| 327 | 327 | recompiling Fossil or providing a hand-written `<head>` section in the |
| 328 | 328 | Header section of a custom skin. |
| 329 | 329 | |
| 330 | 330 | You can’t remove the CSP entirely with this method, but you can get the |
| 331 | 331 | same effect by telling the browser there are no content restrictions: |
| 332 | 332 | |
| 333 | - $ fossil set th1-setup 'set default_csp {default-src: *}' | |
| 333 | + $ fossil set th1-setup 'set default_csp {default-src *}' | |
| 334 | 334 | |
| 335 | 335 | |
| 336 | 336 | ### <a name="header"></a>Custom Skin Header |
| 337 | 337 | |
| 338 | 338 | Fossil only inserts a CSP into the HTML pages it generates when the |
| 339 | 339 |
| --- www/defcsp.md | |
| +++ www/defcsp.md | |
| @@ -319,20 +319,20 @@ | |
| 319 | |
| 320 | The best place to do that is from the [`th1-setup` |
| 321 | script](./th1-hooks.md), which runs before TH1 processing happens during |
| 322 | skin processing: |
| 323 | |
| 324 | $ fossil set th1-setup "set default_csp {default-src: 'self'}" |
| 325 | |
| 326 | This is the cleanest method, allowing you to set a custom CSP without |
| 327 | recompiling Fossil or providing a hand-written `<head>` section in the |
| 328 | Header section of a custom skin. |
| 329 | |
| 330 | You can’t remove the CSP entirely with this method, but you can get the |
| 331 | same effect by telling the browser there are no content restrictions: |
| 332 | |
| 333 | $ fossil set th1-setup 'set default_csp {default-src: *}' |
| 334 | |
| 335 | |
| 336 | ### <a name="header"></a>Custom Skin Header |
| 337 | |
| 338 | Fossil only inserts a CSP into the HTML pages it generates when the |
| 339 |
| --- www/defcsp.md | |
| +++ www/defcsp.md | |
| @@ -319,20 +319,20 @@ | |
| 319 | |
| 320 | The best place to do that is from the [`th1-setup` |
| 321 | script](./th1-hooks.md), which runs before TH1 processing happens during |
| 322 | skin processing: |
| 323 | |
| 324 | $ fossil set th1-setup "set default_csp {default-src 'self'}" |
| 325 | |
| 326 | This is the cleanest method, allowing you to set a custom CSP without |
| 327 | recompiling Fossil or providing a hand-written `<head>` section in the |
| 328 | Header section of a custom skin. |
| 329 | |
| 330 | You can’t remove the CSP entirely with this method, but you can get the |
| 331 | same effect by telling the browser there are no content restrictions: |
| 332 | |
| 333 | $ fossil set th1-setup 'set default_csp {default-src *}' |
| 334 | |
| 335 | |
| 336 | ### <a name="header"></a>Custom Skin Header |
| 337 | |
| 338 | Fossil only inserts a CSP into the HTML pages it generates when the |
| 339 |