Some resources are now loaded udependently of the source domain only via secure channels (https).
This can significantly reduce the risk and impact of cross-site scripting attacks in modern browsers.
This also offers the advantage that, for example, "old" inline scripts do not have to be rewritten outside their own domain.
Fixes#146
Can be optionally activated by the FlatPress admin
* Content Security Policy is an effective measure to protect your site from XSS attacks. By whitelisting sources for approved content, you can prevent the browser from loading malicious content.
* Permissions Policy is a new header that allows a site to control which features and APIs can be used in the browser.
* HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.
* The X-Download-Options response header instructs the browser not to open the file directly but to offer it for download first. This mitigates some potential Social Engineering attacks.
* HTTP Strict Transport Security (HSTS for short) is a security mechanism for HTTPS connections that protects against both connection encryption downgrade attack and session hijacking.
* The referrer policy directive determines whether, and if so which, referrer information for requests triggered by the current web page is sent by the web browser in HTTP requests.
Fixes#201 and #144
* In the admin area of the style Flatmaas-Rev is no longer tried via stylesheet to include the image nib-logo.png.
* In the preview of the Leggero style "Posted by + time" is now displayed right-aligned - as in the blog.
* The heading for posts and pages has received its own CSS class "entry-title".
* In all three styles, both heading sizes are now displayed correctly; as in the blog, so in the preview.
* The publication date is truncated from h2 and now uses h6.
* Font size h4 can now also be conveniently set via BBCode button.
* Long single line code in leggero-v2 style is now wrapped when printing.
*SEO Metatag Info Plugin in the standard distribution*
- includes all languages FlatPress currently supports as standard (translation via Deepl).
- Content customized texts incl. placeholder as example.
- With own hook in entry- and statictemplate, because otherwise the tag plugin is also shown when creating static pages; which is not supposed to be
