From 6149ef44e8cf6946cca20d3cbe9f1ffdc393f66c Mon Sep 17 00:00:00 2001
From: michivonah <info@michivonah.ch>
Date: Sat, 5 Apr 2025 22:16:04 +0200
Subject: [PATCH] add connect-src to security headers

---
 static/_headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/static/_headers b/static/_headers
index 421772e..6d40f68 100644
--- a/static/_headers
+++ b/static/_headers
@@ -1,5 +1,5 @@
 /
-  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' cdn.michivonah.ch blog.michivonah.ch i.ytimg.com; font-src 'self'; upgrade-insecure-requests
+  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' cdn.michivonah.ch blog.michivonah.ch i.ytimg.com; font-src 'self'; connect-src 'self' api.michivonah.ch; upgrade-insecure-requests
   Permissions-Policy: accelerometer=(), autoplay=(), display-capture=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
   Referrer-Policy: strict-origin
   Strict-Transport-Security: max-age=31536000; includeSubDomains