From 4e7fca13ac12ace7cf7490a44aebb7e31784a442 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adam=20G=C4=85sowski?=
Date: Wed, 27 Nov 2024 01:16:03 +0100
Subject: [PATCH] fix: CSP header
---
 functions/_middleware.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/functions/_middleware.js b/functions/_middleware.js
index 472f922..8acb79b 100644
--- a/functions/_middleware.js
+++ b/functions/_middleware.js
@@ -13,7 +13,7 @@ async function handleNonceResponse(response) {
 let newHeaders = new Headers(response.headers);
 newHeaders.set('Reporting-Endpoints', 'csp-endpoint="https://csp.gander.tools/"')
- newHeaders.set('Content-Security-Policy', `default-src 'self'; script-src https: 'unsafe-inline' 'nonce-${nonce}' 'strict-dynamic' https://static.cloudflareinsights.com/beacon.min.js; object-src 'none'; base-uri 'none'; connect-src https://cloudflareinsights.com/ https://medama.gander.tools/ https://sentry.gander.tools/; style-src 'nonce-${nonce}'; require-trusted-types-for 'script'; report-to csp-endpoint; report-uri https://csp.gander.tools/`);
+ newHeaders.set('Content-Security-Policy', `default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-${nonce}' 'strict-dynamic'; object-src 'none'; base-uri 'none'; connect-src 'self' medama.gander.tools sentry.gander.tools; style-src 'self' 'nonce-${nonce}'; report-to csp-endpoint; report-uri https://csp.gander.tools/`);
 let body = await response.text();
 body = body.replace(/{{CSP-NONCE}}/g, nonce);
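Review bot: The added `Content-Security-Policy` line drops `require-trusted-types-for 'script'` with no replacement, so DOM-injection sinks are no longer gated by Trusted Types, and the commit message does not say why. If enforcement was breaking a script, the directive could stay in report-only form so violations still reach the existing endpoint: `newHeaders.set('Content-Security-Policy-Report-Only', "require-trusted-types-for 'script'; report-to csp-endpoint; report-uri https://csp.gander.tools/");`. The `connect-src` hosts also lost their `https://` scheme; scheme-less sources follow the page's scheme, so writing `https://medama.gander.tools https://sentry.gander.tools` keeps the intent explicit. A short comment noting that `'self'` and `'unsafe-inline'` in `script-src` are only fallbacks for browsers that do not honour `'strict-dynamic'` would help later readers. handleNonceResponse starts and ends outside this hunk.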