From 6a905c1948432818fe9b8c601fc20269cb08901e Mon Sep 17 00:00:00 2001
From: retoor
Date: Sat, 14 Jun 2025 12:53:40 +0200
Subject: [PATCH] Nice.

---
 src/snek/system/middleware.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/snek/system/middleware.py b/src/snek/system/middleware.py
index d2e4edd..cb2f6bd 100644
--- a/src/snek/system/middleware.py
+++ b/src/snek/system/middleware.py
@@ -7,21 +7,20 @@ from aiohttp import web
 @web.middleware
 async def csp_middleware(request, handler):
- nonce = str(secrets.token_hex(16))
- print("Nonce:", nonce)
+ nonce = secrets.token_hex(16)
 csp_policy = (
 "default-src 'self'; "
 f"script-src 'self' https://umami.molodetz.nl 'nonce-{nonce}'; "
 "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; "
- "img-src 'self' data: https://umodetz.nl; "
- "connect-src 'self' https://umodetz.nl; "
- "font-src 'self' data:; "
+ "img-src *; "
+ "connect-src 'self' https://umami.molodetz.nl; "
+ "font-src *; "
 "object-src 'none'; "
 "base-uri 'self'; "
 "form-action 'self'; "
 "frame-src 'self'; "
- "worker-src 'self'; "
- "media-src 'self'; "
+ "worker-src *; "
+ "media-src *; "
 "manifest-src 'self';"
 )
 request['csp_nonce'] = nonce
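Review bot: The four directives switched to `*` (`img-src`, `font-src`, `worker-src`, `media-src`) now accept any network origin, so the policy no longer restricts where injected or user-supplied markup can fetch resources from or send requests to. `*` also does not match the `data:` scheme, so the `data:` images and fonts that the old `img-src` and `font-src` lines allowed would now be blocked, which looks unintended. If the aim is to let remote images and media render, a narrower form such as `"img-src 'self' data: https:; "` and `"media-src 'self' https:; "` would do that, with `worker-src` and `font-src` left as they were. The body of csp_middleware continues past the end of the hunk, so how the header is attached to the response is not visible here.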