About Neocities' new stricter Content Security Policy

2/11/2024 #resource

Hotlinking is not dead

Around the start of this year, Neocities introduced a new stricter Content Security Policy. For those that don't know, a Content Security Policy (CSP) restricts what a page is allowed to load. This can break some widgets on your website.

Who it affects

Free accounts made after the day the new policy was implemented.
So, the old less strict CSP is now a supporter feature. However, if you were on Neocities before it was added, you will keep the old less strict CSP.

What this new stricter policy does

Most widgets that do all the following will not work:
  1. Send or get data from another website (like via fetch() or <form>).
  2. Use a <script> tag to embed.
Some notable ones are Html Comment Box and Goatcounter.
Everything else will continue to work, such as these:
  • YouTube, Navlink, and others that you embed using an <iframe>.
  • Most webrings, even if they use a <script>. They usually tend to have the data already in the script itself.
  • Hotlinking images, scripts, styles, fonts, audio, videos, and flash.
Some examples of these can be seen on this website.

Why Neocities is doing this

Apparently, abuse.

This is an old archived version of my website as of August 10th, 2024.

You can view it, but page content may be outdated. I've tried my best to update links but some may be incorrect. Adding /archive/v3/ to the start of the url should work if you somehow 404.

The current version can be found at just dabric.xyz.