From 89c0ab669054e4f734f580037f87ffd262f3e206 Mon Sep 17 00:00:00 2001
From: Tudor Stanciu <tudor.stanciu94@gmail.com>
Date: Mon, 29 Sep 2025 00:09:25 +0300
Subject: [PATCH] Update Content-Security-Policy to enhance security by
 removing unnecessary directives

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index 7b23bb8..a7f3e79 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -43,7 +43,7 @@ http {
         add_header X-XSS-Protection "1; mode=block" always;
         add_header X-Content-Type-Options "nosniff" always;
         add_header Referrer-Policy "no-referrer-when-downgrade" always;
-        add_header Content-Security-Policy "default-src 'self' http: https: data: blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob:" always;
+        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
         
         # Static assets caching - works for any subfolder or root
         location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {