aboutsummaryrefslogtreecommitdiffstats
path: root/thallium-backend/src/app.py
diff options
context:
space:
mode:
Diffstat (limited to 'thallium-backend/src/app.py')
-rw-r--r--thallium-backend/src/app.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/thallium-backend/src/app.py b/thallium-backend/src/app.py
index a78a9e6..638cc1f 100644
--- a/thallium-backend/src/app.py
+++ b/thallium-backend/src/app.py
@@ -42,7 +42,8 @@ async def add_process_time_and_security_headers(
response.headers["Strict-Transport-Security"] = "max-age=31536000"
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["Content-Security-Policy"] = (
- "default-src 'self'; script-src 'unsafe-inline' https://cdn.jsdelivr.net/;"
+ "default-src 'self';"
+ " script-src 'unsafe-inline' https://cdn.jsdelivr.net/ https://unpkg.com/;"
" style-src https://cdn.jsdelivr.net/ https://fonts.googleapis.com/;"
" img-src 'self' data:;"
)
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 00:50:21 +0000