From 38f4ea5af664c26b8ec50e2b49ea583c3d974a67 Mon Sep 17 00:00:00 2001 From: Peter Stone Date: Thu, 18 Jun 2026 01:10:30 +0000 Subject: fix: add cdn.jsdelivr.net to CSP style-src for scout's Tailwind CSS Co-Authored-By: Claude Sonnet 4.6 --- internal/middleware/security.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'internal/middleware') diff --git a/internal/middleware/security.go b/internal/middleware/security.go index 8d1e619..834b385 100644 --- a/internal/middleware/security.go +++ b/internal/middleware/security.go @@ -26,7 +26,7 @@ func SecurityHeaders(debug bool) func(http.Handler) http.Handler { "default-src 'self'; "+ "img-src 'self' https: data:; "+ "script-src 'self' 'unsafe-inline' https://unpkg.com; "+ - "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "+ + "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; "+ "font-src 'self' https://fonts.gstatic.com; "+ "frame-src https://www.youtube.com https://embed.windy.com; "+ "connect-src 'self' wss: ws:") -- cgit v1.2.3