Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inline test CSS in test HTML #15

Open
skyfaller opened this issue Mar 29, 2022 · 0 comments
Open

inline test CSS in test HTML #15

skyfaller opened this issue Mar 29, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@skyfaller
Copy link
Contributor

skyfaller commented Mar 29, 2022
edited
Loading

The main reason to separate CSS from HTML is so that you can reuse the CSS with other pages on the same website. The test HTML is only one page.

The primary remaining reason not to inline it is that allowing inlining of CSS can be a security risk, which a strong Content Security Policy would block. This can be mitigated if you include a hash of your inline stylesheet (sans trailing whitespace?).

A nonce could also work, but I have no idea how one would implement it in Caddy, and a hash seems more appropriate for static content anyway.

https://content-security-policy.com/hash/ has more info on hashes.
@skyfaller skyfaller added the enhancement New feature or request label Mar 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@skyfaller