Around the start of this year, Neocities introduced a new stricter Content Security Policy. For those that don't know, a Content Security Policy (CSP) restricts what a page is allowed to load. This can break some widgets on your website.
Who it affects
So, the old less strict CSP is now a supporter feature. However, if you were on Neocities before it was added, you will keep the old less strict CSP.
What this new stricter policy does
Most widgets that do all the following will not work:
- Send or get data from another website (like via
fetch()or<form>). - Use a
<script>tag to embed.
Some notable ones are Html Comment Box and Goatcounter.
Everything else will continue to work, such as these:
- YouTube, Navlink, and others that you embed using an
<iframe>. - Most webrings, even if they use a
<script>. They usually tend to have the data already in the script itself. - Hotlinking images, scripts, styles, fonts, audio, videos, and flash.