From fc8720b22fb38008f2b580e659862a098aaf226c Mon Sep 17 00:00:00 2001
From: mik-tf
Date: Sat, 6 Sep 2025 09:57:17 -0400
Subject: [PATCH] fix: allow external CDN and font sources in Content-Security-Policy header
---
 src/middleware/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/middleware/mod.rs b/src/middleware/mod.rs
index dc63794..b19bd8d 100644
--- a/src/middleware/mod.rs
+++ b/src/middleware/mod.rs
@@ -130,7 +130,7 @@ where
 let _ = headers.insert(
 actix_web::http::header::CONTENT_SECURITY_POLICY,
 actix_web::http::header::HeaderValue::from_static(
- "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'"
+ "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'"
 ),
 );
 }
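Review bot: The new `script-src 'self' https://cdn.jsdelivr.net` trusts every file that public CDN serves, not only the libraries this app loads, so the policy no longer limits what an HTML-injection bug could run as script; prefer self-hosting those bundles, or a nonce- or hash-based `script-src` with SRI `integrity` attributes on the tags. `img-src 'self' data: https:` likewise permits image loads from any HTTPS origin and should be narrowed to the hosts actually used. There is also no `font-src`, so font files fall back to `default-src 'self'`; if the added stylesheets pull fonts from a third-party host (Google Fonts CSS normally references `https://fonts.gstatic.com`), they will still be blocked, and a directive such as `font-src 'self' https://fonts.gstatic.com` is needed. The enclosing function begins and ends outside this hunk, so whether the header is applied to every response cannot be confirmed from here.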