From e230ba3da0b30f678424fb39b374fe462aeda78a Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Thu, 15 Jan 2026 02:26:50 +0200
Subject: [PATCH] more flexible CSP for forgejo
---
 config/http/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/http/default.nix b/config/http/default.nix
index 1753981..bda60d7 100644
--- a/config/http/default.nix
+++ b/config/http/default.nix
@@ -16,7 +16,7 @@ in {
 recommendedBrotliSettings = true;
 appendHttpConfig = ''
- add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header Content-Security-Policy "default-src 'self'; object-src 'none'; base-uri 'none';" always;
 add_header 'Referrer-Policy' 'origin-when-cross-origin';
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
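Review bot: `default-src 'self'` on the changed `add_header Content-Security-Policy` line is the fallback for every fetch directive, so besides scripts it now also confines styles, images, fonts, connections and frames to same-origin, and it does so for every virtual host that inherits these http-level headers, not only Forgejo. If the aim is to accommodate Forgejo, it would be safer to trial the policy with `Content-Security-Policy-Report-Only` first and then spell out only the exceptions the UI is seen to need. `default-src` does not cover `form-action` or `frame-ancestors`, so consider appending `form-action 'self'; frame-ancestors 'none';` to the same string if the hosted apps' login flows allow it (the latter matches the existing `X-Frame-Options DENY`). I would also add a comment above the block such as `# nginx drops all http-level add_header lines in any server/location that declares its own add_header`, since that inheritance rule silently removes this CSP from such a vhost. The `appendHttpConfig` string opens inside the hunk and continues past its end, so any later headers are not visible here.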