web/headers: update csp yet again

whatever dude
2024-12-28 02:26:10 +00:00 · 2024-09-18 19:16:23 +06:00 · 2024-09-18 19:16:23 +06:00 · 52599dd900
parent 9024418aff
commit 52599dd900
1 changed files with 1 additions and 9 deletions
--- a/web/src/routes/_headers/+server.ts
+++ b/web/src/routes/_headers/+server.ts
@ -9,15 +9,7 @@ const allowedScriptOrigins = [
 export async function GET() {
    const CSP = {
        "connect-src": ["*"],
-        "default-src": ["'none'"],
-
-        "font-src": ["'self'"],
-        "style-src": ["'self'"],
-        "style-src-attr": ["'self'"],
-        "style-src-elem": ["'self'"],
-        "img-src": ["'self'", "data:"],
-        "manifest-src": ["'self'"],
-        "worker-src": ["'self'"],
+        "default-src": ["'self'"],

        "script-src": allowedScriptOrigins,
        "script-src-attr": allowedScriptOrigins,