tfgrid/projectmycelium
11
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: add font-src directive to Content-Security-Policy header for external fonts

Browse Source
This commit is contained in:
mik-tf
2025-09-06 10:00:05 -04:00
parent fc8720b22f
commit edb5091fd7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/middleware/mod.rs
View File

@@ -130,7 +130,7 @@ where
let _ = headers.insert(
actix_web::http::header::CONTENT_SECURITY_POLICY,
actix_web::http::header::HeaderValue::from_static(
"default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'"
"default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'"
),
);
}