tfgrid/projectmycelium
11
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: allow external CDN and font sources in Content-Security-Policy header

Browse Source
This commit is contained in:
mik-tf
2025-09-06 09:57:17 -04:00
parent ee6034b752
commit fc8720b22f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/middleware/mod.rs
View File

@@ -130,7 +130,7 @@ where
let _ = headers.insert(
actix_web::http::header::CONTENT_SECURITY_POLICY,
actix_web::http::header::HeaderValue::from_static(
"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none'"
"default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'"
),
);
}