From fa9bebe9acfa4a21f69e8db0484be41d7e09e9cf Mon Sep 17 00:00:00 2001
From: Tudor Stanciu
Date: Mon, 29 Sep 2025 00:48:19 +0300
Subject: [PATCH] Update Content-Security-Policy for enhanced security and resource loading

---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index a7f3e79..482f182 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -43,7 +43,7 @@ http {
 add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options "nosniff" always;
 add_header Referrer-Policy "no-referrer-when-downgrade" always;
- add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' http: https:;" always;
 
 # Static assets caching - works for any subfolder or root
 location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ {
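Review bot: The new policy keeps `'unsafe-inline'` in `script-src`, which allows injected inline scripts to execute and so removes most of the XSS protection a CSP is meant to give; the rest of the tightening (per-directive sources, no wildcard `http:`/`https:` for scripts) is a clear improvement, but the commit message's "enhanced security" should not be read as XSS hardening until inline scripts are moved to nonces or hashes. `connect-src 'self' http: https:` still permits fetch/XHR/WebSocket to any origin, including plaintext `http:`; if the app only calls its own backend, `connect-src 'self'` is enough, and if it needs third-party APIs, listing them explicitly is preferable to the scheme wildcards. Note also that `base-uri`, `form-action` and `frame-ancestors` do not fall back to `default-src`, so the policy as written leaves base-tag injection, form hijacking and framing unrestricted; consider appending `base-uri 'self'; form-action 'self'; frame-ancestors 'none';` (adjust `frame-ancestors` if the site is legitimately embedded). A short comment above the directive recording which of these source lists are required by the front-end would help the next person who tightens it.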