Add CSP, SRI, and auto-hash deploy pipeline

- Content Security Policy via <meta> tag (blocks exfiltration to foreign domains)
- Subresource Integrity on all static and dynamically loaded scripts
- Nginx security headers snippet (HSTS, CSP, frame-ancestors on all responses)
- Auto-minify and SRI hash update in deploy.sh (prevents stale hashes)
This commit is contained in:
Alexander Schmidt
2026-03-27 07:51:01 +01:00
parent 2a3cc5682c
commit 83e7d43a74
6 changed files with 71 additions and 7 deletions

@@ -5,8 +5,9 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>xmrpay.link — Privacy & Terms</title>
<meta name="description" content="Privacy policy and terms of use for xmrpay.link.">
<meta http-equiv="Content-Security-Policy" content="default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; base-uri 'none'">
<link rel="icon" href="favicon.svg" type="image/svg+xml">
<link rel="stylesheet" href="style.css?v=20260326-3">
<link rel="stylesheet" href="style.css?v=20260326-3" integrity="sha384-ntklmpjtBHVfhFRH4pdoZb86mpDOt3aBw7s2XFpvGgT8vrelMuw6H4EnPultQEXT" crossorigin="anonymous">
<style>
main.legal-main {
max-width: 920px;
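Review bot: the policy on the added Content-Security-Policy meta line still allows style-src 'self' 'unsafe-inline', which looks necessary only because of the inline <style> block that starts right after the stylesheet link. Moving the main.legal-main rules into style.css (now covered by the integrity attribute) or allowing that single block by hash would let 'unsafe-inline' be dropped from this page. Separately, form-action does not fall back to default-src, so the policy as written places no restriction on form submissions; adding form-action 'none' alongside base-uri 'none' would match the commit message's goal of blocking exfiltration to foreign domains.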