CSP erweitert um upgrade-insecure-requests und block-all-mixed-content in index.html

Oliver 2026-02-24 12:07:14 +01:00
parent a6533bfb3d
commit a9f93b8537
No known key found for this signature in database
2 changed files with 5 additions and 2 deletions


@ -34,7 +34,10 @@
"Bash(gh run list --limit 5)",
"Bash(gh run view 22346323845)",
"Bash(gh run view 22346323845 --log-failed)",
"Bash(gh run view 22346839541)"
"Bash(gh run view 22346839541)",
"WebFetch(domain:go.vanityontour.de)",
"Bash(git add index.html)",
"Bash(git commit -m \"Security fixes: Add CSP, referrer policy, fix invalid HTML\n\n- Add Content Security Policy header\n- Add strict referrer policy \n- Fix missing rel=\"\"noopener noreferrer\"\" on external link\n- Replace invalid </br> tags with proper div spacing\n- Improve overall security posture\n\n🤖 Generated with [Claude Code](https://claude.ai/code)\n\nCo-Authored-By: Claude <noreply@anthropic.com>\")"
],
"deny": [],
"ask": [],
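Review bot: The four entries added to the allow list look like machine-local agent permissions rather than project configuration, and they are unrelated to the CSP change named in the commit title; the file path is not visible on this page, so this is inferred from the `Bash(...)` and `WebFetch(...)` entries. The `Bash(git commit -m \"Security fixes: ...\")` entry pins one exact, already-used commit message, so it grants nothing reusable and only adds noise to the reviewed history. `WebFetch(domain:go.vanityontour.de)` is a standing grant to fetch that domain without a prompt, which deserves a deliberate decision instead of riding along in an HTML commit. Consider keeping this file out of version control, or committing only the allow entries that are meant to be shared.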


@ -3,7 +3,7 @@
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'none'; frame-src 'none'; object-src 'none';" />
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'none'; frame-src 'none'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content;" />
<meta name="referrer" content="strict-origin-when-cross-origin" />
<meta name="description" content="Vanity on Tour: Vanlife trifft Technik Apps, Tools, Blog & Projekte." />
<title>Vanity on Tour Go</title>
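Review bot: `block-all-mixed-content` on the new CSP `<meta>` line is deprecated and has no effect next to `upgrade-insecure-requests`, because requests are upgraded before the mixed-content check runs; it can be dropped so the policy ends `... object-src 'none'; upgrade-insecure-requests;`. Separately, a policy delivered through `<meta http-equiv>` cannot carry `frame-ancestors` (browsers ignore it there), so `frame-src 'none'` only limits what this page embeds, not who may frame it; if framing protection is wanted, it has to come from an HTTP response header. Adding `base-uri 'none'` and `form-action 'self'` is also worth considering, since neither directive falls back to `default-src`.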