Security Protection

Info

This documentation is AI-generated. You can help improve it by submitting an Issue.

提示

If the issue remains unresolved, visit GitHub Issues to search or submit new feedback, or join QQ group 694413711 for community support.

Contributions to this tutorial are always welcome.

Enable CSP:upgrade-insecure-requests

Enable CSP:upgrade-insecure-requests to ensure all resources are loaded over encrypted connections, reducing man-in-the-middle attack risks. This also avoids errors when HTTPS pages reference HTTP resources.

Related documentation: CSP: upgrade-insecure-requests - HTTP | MDN

Enable Domain Whitelist Access Only

Many bloggers' sites have been cloned by malicious mirror sites. These malicious clones replace original site links, diverting site traffic and affecting SEO.
Therefore, I developed the Domain Whitelist Access Only feature to address this issue.

URL to Base64

Enter your complete site URL in the input box above to generate the Base64 encoded result.
After enabling Domain Whitelist Access Only, enter the Base64 encoded result in "Domain Whitelist List" and "Base64 Encoded Target URL" to defend against malicious cloning.

Add SRI Validation for External Resources

Subresource Integrity (SRI) ensures that static assets loaded from third-party CDNs have not been tampered with, mitigating NPM supply-chain poisoning attacks via public CDNs. By adding the integrity attribute to script or link tags and pairing it with crossorigin, the browser can verify the asset hash.

All JavaScript and CSS assets in this theme already include SRI validation metadata.

SRI example:

<!-- JavaScript -->
<script src="https://example.com/lib.min.js" integrity="sha384-BASE64_HASH_HERE" crossorigin></script>

<!-- CSS -->
<link rel="stylesheet" href="https://example.com/style.min.css" integrity="sha384-BASE64_HASH_HERE" crossorigin />

You can generate SRI metadata using online tools (for example, srihash.org).