From e628dc0ad791abde43911640635b170050338be9 Mon Sep 17 00:00:00 2001
From: Tudor Stanciu
Date: Sun, 28 Sep 2025 04:33:29 +0300
Subject: [PATCH] Update Content-Security-Policy for improved security and resource loading
---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx.conf b/nginx.conf
index a7f3e79..7b23bb8 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -43,7 +43,7 @@ http {
 add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options "nosniff" always;
 add_header Referrer-Policy "no-referrer-when-downgrade" always;
- add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+ add_header Content-Security-Policy "default-src 'self' http: https: data: blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob:" always;
 # Static assets caching - works for any subfolder or root
 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
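Review bot: The added Content-Security-Policy value keeps `'unsafe-inline'` in script-src and `http: https: data: blob:` in default-src, so injected inline script is still executable and every origin remains permitted for the directives that fall back to default-src (connect-src, frame-src, object-src, media-src, worker-src), which undercuts the "improved security" claimed in the subject. frame-ancestors does not fall back to default-src, so this header does not restrict framing either; whether an X-Frame-Options header exists elsewhere in the file is not visible in the hunk. A low-risk tightening that does not affect the fonts or images the new directives enumerate is to append `; object-src 'none'; base-uri 'self'; frame-ancestors 'self'` to the added value, and to drop `http:` from default-src if the site is served over HTTPS so the policy stops sanctioning plaintext subresources. Replacing `'unsafe-inline'` in script-src with a nonce or hash is the change that would actually give CSP its XSS-mitigation value, once the application's inline scripts are enumerated. The enclosing `http {` block begins and ends outside the hunk.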