Allow JSDelivr in CSP

author: Joe Banks <[email protected]> 2024-08-19 02:07:23 +0100
committer: Joe Banks <[email protected]> 2024-08-19 02:07:23 +0100
commit: f126807c7f840db04276ec558b206065685bb61c (patch)
tree: 319a55d462499b19f610687760548363b7f1627a
parent: Update Dockerfile with build-time optimisations (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py
index 11fce17..33f0f39 100644
--- a/thallium-backend/src/app.py
+++ b/thallium-backend/src/app.py
@@ -41,7 +41,7 @@ async def add_process_time_and_security_headers(
     response.headers["X-XSS-Protection"] = "1; mode=block"
     response.headers["Strict-Transport-Security"] = "max-age=31536000"
     response.headers["X-Content-Type-Options"] = "nosniff"
-    response.headers["Content-Security-Policy"] = "default-src 'self'"
+    response.headers["Content-Security-Policy"] = "default-src 'self'; script-src https://cdn.jsdelivr.net/; style-src https://cdn.jsdelivr.net/;"
     response.headers["Referrer-Policy"] = "no-referrer"
     response.headers["Permissions-Policy"] = (
         "camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=(), screen-wake-lock=(), web-share=()"
author	Joe Banks <[email protected]>	2024-08-19 02:07:23 +0100
committer	Joe Banks <[email protected]>	2024-08-19 02:07:23 +0100
commit	f126807c7f840db04276ec558b206065685bb61c (patch)
tree	319a55d462499b19f610687760548363b7f1627a
parent	Update Dockerfile with build-time optimisations (diff)