From edb5091fd7b1051ff23fc6b989aec39f92900f44 Mon Sep 17 00:00:00 2001
From: mik-tf
Date: Sat, 6 Sep 2025 10:00:05 -0400
Subject: [PATCH] fix: add font-src directive to Content-Security-Policy header for external fonts
---
 src/middleware/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs
index b19bd8d..0a21e9d 100644
--- a/src/middleware/mod.rs
+++ b/src/middleware/mod.rs
@@ -130,7 +130,7 @@ where
 let _ = headers.insert(
 actix_web::http::header::CONTENT_SECURITY_POLICY,
 actix_web::http::header::HeaderValue::from_static(
- "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'"
+ "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'"
 ),
 );
 }
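Review bot: The policy string on the added line still sets no `base-uri` or `form-action`, and neither directive falls back to `default-src 'self'`, so an injected `<base>` element or a form target is not restricted by this header. While the header is being edited, consider appending `base-uri 'self'; form-action 'self'` to the literal, after confirming that no form posts to another origin. The new `font-src` also allowlists the whole `https://cdn.jsdelivr.net` origin, as `script-src` already does; a source expression scoped to the path the site actually loads would be narrower. The enclosing function starts and ends outside the hunk, so whether this header reaches every response cannot be checked from here.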