txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: self-host HTMX 2.0.10 and Hyperscript 0.9.91, remove unpkg CDN

Browse Source 
- Download htmx.min.js v2.0.10 and _hyperscript.min.js v0.9.91 locally
- Update head-scripts.html to load from /static/ instead of unpkg CDN
- Remove https://unpkg.com from CSP script-src whitelist
- Update all documentation references to reflect self-hosted paths
- No breaking changes: all hx-* attributes are HTMX 2.0 compatible
This commit is contained in:
juanatsap
2026-05-14 12:59:30 +01:00
parent 20f0e79343
commit 8f4d0e9433
10 changed files with 47 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/handlers/cv_contact.go
+1 -1
View File
@@ -222,7 +222,7 @@ func (h *CVHandler) renderContactError(w http.ResponseWriter, r *http.Request, e
}
// Render the error template
// Return 200 OK with error content - HTMX 1.9.x logs console.error for non-2xx responses
// Return 200 OK with error content - HTMX logs console.error for non-2xx responses
// Validation errors are expected form feedback, not system errors
w.Header().Set(c.HeaderContentType, c.ContentTypeHTML)
w.WriteHeader(http.StatusOK)
internal/middleware/security.go
+1 -1
View File
@@ -32,7 +32,7 @@ func SecurityHeaders(next http.Handler) http.Handler {
// Content Security Policy (comprehensive)
csp := "default-src 'self'; " +
"script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://esm.sh https://matomo.txeo.club; " +
"script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://esm.sh https://matomo.txeo.club; " +
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; " +
"font-src 'self' https://fonts.gstatic.com; " +
"img-src 'self' data: https:; " +