Nice.

src/snek/system/middleware.py

@@ -7,21 +7,20 @@ from aiohttp import web
 
 @web.middleware
 async def csp_middleware(request, handler):
-    nonce = str(secrets.token_hex(16))
+    nonce = secrets.token_hex(16)
-    print("Nonce:", nonce)
     csp_policy = (
         "default-src 'self'; "
         f"script-src 'self' https://umami.molodetz.nl 'nonce-{nonce}'; "
         "style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; "
-        "img-src 'self' data: https://umodetz.nl; "
+        "img-src *; "
-        "connect-src 'self' https://umodetz.nl; "
+        "connect-src 'self' https://umami.molodetz.nl; "
-        "font-src 'self' data:; "
+        "font-src *; "
         "object-src 'none'; "
         "base-uri 'self'; "
         "form-action 'self'; "
         "frame-src 'self'; "
-        "worker-src 'self'; "
+        "worker-src *; "
-        "media-src 'self'; "
+        "media-src *; "
         "manifest-src 'self';"
     )
     request['csp_nonce'] = nonce