From 926fb2aa23ac39c88bf543f9bbf0812af638d66d Mon Sep 17 00:00:00 2001
From: DerLev
Date: Tue, 23 Apr 2024 16:22:36 +0200
Subject: [PATCH] fixing CSP - SWs use connect-src to validate CSP
---
 homepage/firebase.json | 2 +-
 homepage/hugo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/homepage/firebase.json b/homepage/firebase.json
index 2b97d03..97a9f9b 100644
--- a/homepage/firebase.json
+++ b/homepage/firebase.json
@@ -21,7 +21,7 @@
 "source": "**",
 "headers": [{
 "key": "Content-Security-Policy",
- "value": "script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; default-src 'self'"
+ "value": "script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; default-src 'self'"
 }]
 }
 ]
diff --git a/homepage/hugo.toml b/homepage/hugo.toml
index a840988..2699ac1 100644
--- a/homepage/hugo.toml
+++ b/homepage/hugo.toml
@@ -63,4 +63,4 @@ enableGitInfo = true
 [[server.headers]]
 for = '/**'
 [server.headers.values]
- Content-Security-Policy = "script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; default-src 'self'"
+ Content-Security-Policy = "script-src 'self'; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; default-src 'self'"
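Review bot: The `value` string on the added line still omits the directives that do not fall back to `default-src`, namely `base-uri`, `form-action` and `frame-ancestors`, so the policy puts no limit on `<base>` rewriting, form submission targets or framing of the site. Since this line is being edited anyway, consider appending `; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'`, relaxing `frame-ancestors` only if the site is meant to be embedded, which is not visible here. Because the header is served for `**`, the new `connect-src` origins apply to every page as well as to the service worker; two font hosts is a narrow list and should stay that way. The identical string in the homepage/hugo.toml hunk needs the same additions.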
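Review bot: The policy on the added `Content-Security-Policy` line is a hand-copied duplicate of the string in homepage/firebase.json, and nothing in this file records that the two must match. Hugo applies `[server]` headers only when running the local `hugo server`, so the firebase.json header is presumably the one deployed visitors receive, and a policy that drifts here would hide CSP breakage until after deploy. A comment above `[[server.headers]]` would make the coupling explicit, e.g. `# Dev server only: keep this CSP identical to the Content-Security-Policy header in firebase.json.`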