From 52f511e271ceadeafdf4b54b0784225185243d31 Mon Sep 17 00:00:00 2001
From: Tudor Stanciu
Date: Mon, 29 Sep 2025 00:52:47 +0300
Subject: [PATCH] Update Content-Security-Policy to allow specific external resources for improved functionality
---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx.conf b/nginx.conf
index 482f182..52f4947 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -43,7 +43,7 @@ http {
  add_header X-XSS-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header Referrer-Policy "no-referrer-when-downgrade" always;
- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' http: https:;" always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com; connect-src 'self' http: https:;" always;
  # Static assets caching - works for any subfolder or root
  location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
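Review bot: The rewritten `Content-Security-Policy` line adds three external hosts but keeps `script-src 'self' 'unsafe-inline'` and `connect-src 'self' http: https:`, so any injected inline script can still run and connect to any origin, which undercuts the value of allow-listing hosts in the other directives. Narrow connect-src to the backends the app really calls, e.g. `connect-src 'self' https://API_HOST_PLACEHOLDER;`, and scope the new image source to the path in use, e.g. `https://cdn.jsdelivr.net/PATH_PLACEHOLDER/`, since that CDN serves files from arbitrary public packages. `base-uri` and `form-action` do not fall back to `default-src`, so appending `base-uri 'self'; form-action 'self';` would close that gap. A comment above the directive naming the feature that needs each external host, such as `# CSP: fonts.googleapis.com + fonts.gstatic.com for web fonts, cdn.jsdelivr.net for <which images>`, would help later audits. The `location` block that follows is cut off by the hunk; if it sets its own `add_header`, nginx will not inherit these http-level headers there, which is worth checking.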