Differences From Artifact [f9d7c3c754]:

• File www/defcsp.md — part of check-in [93cee1f56e] at 2021-09-17 02:02:44 on branch trunk — Converted all uses of the [https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-name | obsolete] named anchor feature from HTML before 4.0 to use fragment identifiers instead. (<tt>www/*</tt> subtree only.) Where possible, changed constructs like <verbatim><a name="foo"></a><h3></verbatim> to <verbatim><h3 id="foo"></verbatim> Also fixed a few cases where the link target came after a header so the browser would scroll the header off the screen when visiting the targeted section. Added a 50em pad at the bottom of one such edited doc to allow the intra-doc link targets to be useful since it's a short enough doc that on sufficiently tall browser windows, scrolling isn't possible, so using those anchors has no visible effect. (user: wyoung size: 21298) [more...]

To Artifact [81dabeac00]:

• File www/defcsp.md — part of check-in [9ce4dd0db2] at 2022-02-02 21:50:32 on branch trunk — Fix typo in defcsp.md: DSP --> CSP (user: mgagnon size: 21298) [more...]

28
29
30
31
32
33
34
35

36
37
38
39
40
41
42

28
29
30
31
32
33
34

35
36
37
38
39
40
41
42

-
+

     default-src 'self' data:;
     script-src 'self' 'nonce-$nonce';
     style-src 'self' 'unsafe-inline';
     img-src * data:;
</pre>

The default is recommended for most installations.  However,
the site administrators can overwrite this default DSP using the
the site administrators can overwrite this default CSP using the
[default-csp setting](/help?cmd=default-csp).  For example,
CSP restrictions can be completely disabled by setting the default-csp to:

<pre>
     default-src *;
</pre>