Update.

2025-06-06 03:39:33 +02:00 · 2025-06-06 03:39:33 +02:00 · 9a39bedd3a
commit 9a39bedd3a
parent 9e1eb9f1e5
1 changed files with 9 additions and 1 deletions
--- a/src/snek/system/middleware.py
+++ b/src/snek/system/middleware.py
@ -9,7 +9,15 @@
 from aiohttp import web
 import secrets

-csp_policy = "default-src 'self'; script-src 'self' 'nonce-{nonce}'; style-src 'self';"
+
+csp_policy = (
+    "default-src 'self'; "
+    "script-src 'self' https://*.cloudflare.com https://molodetz.nl 'nonce-{nonce}'; "
+    "style-src 'self' https://*.cloudflare.com https://molodetz.nl; "
+    "img-src 'self' https://*.cloudflare.com https://molodetz.nl data:; "
+    "connect-src 'self' https://*.cloudflare.com https://molodetz.nl;"
+)
+

 def generate_nonce():
    return secrets.token_hex(16)