Füge Sicherheitsheader hinzu: Erlaube bestimmte Befehle und definiere HTTP-Methoden für die Ausführung

Author: marci

hugo.yaml

@@ -65,7 +65,29 @@ languages:
 
 # Force a locale to be use, really useful to develop the application ! Should be commented in production, the "weight" should rocks.
 DefaultContentLanguage: de
-
+# Security headers
+security:
+  enableInlineShortcodes: false
+  exec:
+    allow:
+    - ^(dart-)?sass(-embedded)?$
+    - ^go$
+    - ^git$
+    - ^npx$
+    - ^postcss$
+    - ^tailwindcss$
+    osEnv:
+    - (?i)^((HTTPS?|NO)_PROXY|PATH(EXT)?|APPDATA|TE?MP|TERM|GO\w+|(XDG_CONFIG_)?HOME|USERPROFILE|SSH_AUTH_SOCK|DISPLAY|LANG|SYSTEMDRIVE)$
+  funcs:
+    getenv:
+    - ^HUGO_
+    - ^CI$
+  http:
+    mediaTypes: null
+    methods:
+    - (?i)GET|POST
+    urls:
+    - .*
 # permalink
 permalinks:
   section: /:section/:title/