Don't need CSP for remote fonts anymore

2020-05-05 22:08:57 +02:00 · 2020-05-05 22:08:57 +02:00 · 024c325bab
commit 024c325bab
parent 1ab3d71d6f
2 changed files with 2 additions and 2 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@ -4,7 +4,7 @@
        -Date
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
-        Content-Security-Policy "default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net;"
+        Content-Security-Policy "default-src 'self' 'unsafe-inline';"
        Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
--- a/caddy/Caddyfile.prod
+++ b/caddy/Caddyfile.prod
@ -4,7 +4,7 @@
        -Date
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
-        Content-Security-Policy "default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net;"
+        Content-Security-Policy "default-src 'self' 'unsafe-inline';"
        Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"