From 2bd1242c1cce3bbdb33e3cf6576e4f74aa82e3db Mon Sep 17 00:00:00 2001
From: csasq
Date: Wed, 14 Aug 2024 17:43:20 +0300
Subject: [PATCH] =?UTF-8?q?=D0=98=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5=D0=BD=20?= =?UTF-8?q?=D0=B7=D0=B0=D0=B3=D0=BE=D0=BB=D0=BE=D0=B2=D0=BE=D0=BA=20CSP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 nginx/secure-headers.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx/secure-headers.conf b/nginx/secure-headers.conf
index 6c772ac..88d6008 100644
--- a/nginx/secure-headers.conf
+++ b/nginx/secure-headers.conf
@@ -1,4 +1,4 @@
-add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' https://cdn.csasq.ru; img-src 'self' data:; media-src 'self' blob:; worker-src 'self' blob:";
+add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://esm.run https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com";
 add_header X-Frame-Options "DENY";
 add_header X-Content-Type-Options "nosniff";
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
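Review bot: The added `script-src 'self' 'unsafe-inline' https://esm.run https://cdn.jsdelivr.net` is weaker than the policy it replaces: the old header had no `script-src`, so scripts fell back to `default-src 'self'`, whereas `'unsafe-inline'` now lets any injected inline script or event handler run, which removes most of the header's value against XSS. The two CDN hosts are allowlisted as whole origins that serve arbitrary published packages, not only the modules this site imports, so self-hosting those modules or narrowing the sources to the exact paths in use would keep the allowlist tight. If inline scripts really are needed, prefer hashes over the keyword, e.g. `script-src 'self' 'sha256-<hash-of-inline-script>' https://esm.run https://cdn.jsdelivr.net;`. The same line also drops `img-src 'self' data:`, `media-src 'self' blob:` and `worker-src 'self' blob:`, so those resource types now fall back to `default-src 'self'`; it is worth confirming that nothing still relies on `data:` images or `blob:` workers. Separately, `add_header` without the `always` parameter is not applied to most error responses, so `add_header Content-Security-Policy "…" always;` would cover 4xx/5xx pages as well.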