1
0
Fork 0
forked from fedi/mastodon
mastodon/app/views/layouts/application.html.haml
ThibG e1629a7758
Remove 'unsafe-inline' from Content-Security-Policy style-src (#13679)
* Make sure wicg-inert doesn't rely on inline CSS

* Remove unsafe-inline from style-src
2020-05-08 21:22:57 +02:00

42 lines
1.6 KiB
Plaintext
Executable file

!!! 5
%html{ lang: I18n.locale }
%head
%meta{ charset: 'utf-8' }/
%meta{ name: 'viewport', content: 'width=device-width, initial-scale=1' }/
- if cdn_host?
%link{ rel: 'dns-prefetch', href: cdn_host }/
- if storage_host?
%link{ rel: 'dns-prefetch', href: storage_host }/
%link{ rel: 'icon', href: favicon_path, type: 'image/x-icon' }/
%link{ rel: 'apple-touch-icon', sizes: '180x180', href: '/apple-touch-icon.png' }/
%link{ rel: 'mask-icon', href: '/mask-icon.svg', color: '#2B90D9' }/
%link{ rel: 'manifest', href: '/manifest.json' }/
%meta{ name: 'msapplication-config', content: '/browserconfig.xml' }/
%meta{ name: 'theme-color', content: '#282c37' }/
%meta{ name: 'apple-mobile-web-app-capable', content: 'yes' }/
%title= content_for?(:page_title) ? safe_join([yield(:page_title).chomp.html_safe, title], ' - ') : title
= stylesheet_pack_tag 'common', media: 'all'
= stylesheet_pack_tag current_theme, media: 'all'
= javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
= javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
= csrf_meta_tags
= stylesheet_link_tag '/inert.css', skip_pipeline: true, media: 'all', id: 'inert-style'
- if Setting.custom_css.present?
= stylesheet_link_tag custom_css_path, media: 'all'
= yield :header_tags
%body{ class: body_classes }
= content_for?(:content) ? yield(:content) : yield
.logo-resources
= render file: Rails.root.join('app', 'javascript', 'images', 'logo_transparent.svg')
= render file: Rails.root.join('app', 'javascript', 'images', 'logo_full.svg')