Cdn - Tag - arleo.euhttps://www.arleo.eu/en/tags/cdn/Cdn - Tag - arleo.euHugo -- gohugo.ioenSun, 17 May 2026 00:00:00 +0000SRI on Hugo: automated hashes, auto-update and BetterStack alertinghttps://www.arleo.eu/en/posts/sri-cdn-hugo-automate/Sun, 17 May 2026 00:00:00 +0000Jmrhttps://www.arleo.eu/en/posts/sri-cdn-hugo-automate/

Why SRI?

When your site loads resources from a third-party CDN — FontAwesome, Mermaid, Animate.css — you’re trusting an external party you have no control over. If jsdelivr.net gets compromised, or if a supposedly immutable version is silently mutated, your site can become an attack vector.

Subresource Integrity (SRI) solves this cleanly: every <link> or <script> tag carries an integrity="sha256-…" attribute that the browser verifies before executing the resource. If the hash doesn’t match, the browser blocks the load.

]]>hugo-mcp Cloudflare plugin: smart cache purgehttps://www.arleo.eu/en/posts/hugo-mcp-plugin-cloudflare/Thu, 14 May 2026 09:43:19 +0200Jmrhttps://www.arleo.eu/en/posts/hugo-mcp-plugin-cloudflare/

TL;DR

The Cloudflare plugin in hugo-mcp v2.0 implements 3 cache purge modes (full, partial, smart). The partial mode computes the linked URLs to invalidate (canonical + sitemap + RSS + listing + home) to preserve 95% of the CDN cache on every modification. Concretely: 6 URLs purged instead of wiping everything. This post details the computation, the pitfalls, and why smart became the default.

]]>