diff options
| author | Peter Stone <thepeterstone@gmail.com> | 2026-06-18 01:10:30 +0000 |
|---|---|---|
| committer | Peter Stone <thepeterstone@gmail.com> | 2026-06-18 01:10:30 +0000 |
| commit | 38f4ea5af664c26b8ec50e2b49ea583c3d974a67 (patch) | |
| tree | 26e7a47ab26d780284a6030aacb15c3253f0e744 | |
| parent | 35e5cb916391e98181169d0228fc23514362988f (diff) | |
fix: add cdn.jsdelivr.net to CSP style-src for scout's Tailwind CSS
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rw-r--r-- | internal/middleware/security.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/internal/middleware/security.go b/internal/middleware/security.go index 8d1e619..834b385 100644 --- a/internal/middleware/security.go +++ b/internal/middleware/security.go @@ -26,7 +26,7 @@ func SecurityHeaders(debug bool) func(http.Handler) http.Handler { "default-src 'self'; "+ "img-src 'self' https: data:; "+ "script-src 'self' 'unsafe-inline' https://unpkg.com; "+ - "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "+ + "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; "+ "font-src 'self' https://fonts.gstatic.com; "+ "frame-src https://www.youtube.com https://embed.windy.com; "+ "connect-src 'self' wss: ws:") |
