From 222a77cd3824716dd3be06dc6f3037f2a9bb45c7 Mon Sep 17 00:00:00 2001
From: Paul Toffoloni <69189821+ptoffy@users.noreply.github.com>
Date: Wed, 17 Jul 2024 21:41:31 +0200
Subject: [PATCH] Add CSP (#115)

* Add CSP

* Update GH link
---
 stack.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stack.yml b/stack.yml
index b1be25e..626518f 100644
--- a/stack.yml
+++ b/stack.yml
@@ -69,7 +69,7 @@ Resources:
               Override: true
         SecurityHeadersConfig:
           ContentSecurityPolicy:
-             ContentSecurityPolicy: default-src 'none'; script-src 'self'; img-src 'self' data:; style-src 'self'; font-src 'self'; connect-src 'self'
+             ContentSecurityPolicy: default-src 'none'; script-src 'self' https://design.vapor.codes; style-src 'self' https://design.vapor.codes; img-src 'self' https://design.vapor.codes; font-src 'self' https://design.vapor.codes; media-src 'self' https://design.vapor.codes; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' https://design.vapor.codes; connect-src 'self' https://api.github.com
              Override: false
           ContentTypeOptions:
             Override: false