From ad2e04469a8632552890e7129b0b6cc4b729c290 Mon Sep 17 00:00:00 2001
From: wvffle <funkwhale@wvffle.net>
Date: Mon, 5 Sep 2022 14:52:48 +0000
Subject: [PATCH] Fix CSP header

---
 docker/nginx/conf.dev | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/nginx/conf.dev b/docker/nginx/conf.dev
index 28964a529..2ca0a9d53 100644
--- a/docker/nginx/conf.dev
+++ b/docker/nginx/conf.dev
@@ -69,12 +69,12 @@ http {
             text/x-component
             text/x-cross-domain-policy;
 
-        add_header Content-Security-Policy "connect-src https: wss: 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+        add_header Content-Security-Policy "connect-src https: wss: 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
         add_header Referrer-Policy "strict-origin-when-cross-origin";
         add_header X-Frame-Options "SAMEORIGIN" always;
 
         location /front/ {
-            add_header Content-Security-Policy "connect-src https: wss: 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
+            add_header Content-Security-Policy "connect-src https: wss: 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
             add_header Referrer-Policy "strict-origin-when-cross-origin";
             add_header Service-Worker-Allowed "/";
             # uncomment the following line and comment the proxy-pass one