🔒️ Enforce Content-Security-Policy on our website (#4761)

dubzzz · Feb 29, 2024 · 0c63d6c · 0c63d6c
1 parent 0a379a7
commit 0c63d6c
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/.github/workflows/build-status.yml b/.github/workflows/build-status.yml
@@ -528,7 +528,9 @@ jobs:
       - name: Configure custom headers
         run: |
           echo "/*" > artifacts/_headers
-          echo "  Content-Security-Policy-Report-Only: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com; script-src 'self' www.googletagmanager.com; style-src 'self'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers
+          echo "  Content-Security-Policy: default-src 'none'; img-src 'self' data: badge.fury.io *.cloudfront.net img.shields.io raw.githubusercontent.com www.netlify.com api.securityscorecards.dev bestpractices.coreinfrastructure.org www.bestpractices.dev;connect-src *.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com;frame-src *.codesandbox.io www.youtube-nocookie.com; style-src 'self' 'unsafe-inline'; manifest-src 'self'; base-uri fast-check.dev;" >> artifacts/_headers
+          echo "/api-reference/*" >> artifacts/_headers
+          echo "  Content-Security-Policy: default-src 'none'; img-src 'self' data:; connect-src data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" >> artifacts/_headers
       - name: Compress documentation artifacts as zip
         run: zip -r artifacts.zip artifacts
       - name: Deploy to Netlify

diff --git a/website/blog/authors.yml b/website/blog/authors.yml
@@ -2,4 +2,4 @@ dubzzz:
   name: Nicolas Dubien
   title: fast-check maintainer
   url: https://github.com/dubzzz
-  image_url: https://github.com/dubzzz.png
+  image_url: '/img/_/avatar_48_dubzzz.jpg'
diff --git a/website/prebuild/optimize-images.mjs b/website/prebuild/optimize-images.mjs
@@ -19,6 +19,7 @@ const quotes = [
   'https://github.com/jakebailey.png',
   'https://github.com/Andarist.png',
 ];
+const authorsOfPosts = ['https://github.com/dubzzz.png'];
 const allAvatars = [
   ...allContributors.contributors.map((contributor) => ({
     url: contributor.avatar_url,
@@ -30,6 +31,11 @@ const allAvatars = [
     login: quote.split('/').at(-1).split('.').slice(0, -1).join('.'),
     size: 64,
   })),
+  ...authorsOfPosts.map((quote) => ({
+    url: quote,
+    login: quote.split('/').at(-1).split('.').slice(0, -1).join('.'),
+    size: 48,
+  })),
 ];
 
 for (const avatar of allAvatars) {