From 495c3f6808dcb46c0a03922b8b1098ad2c6fb6b3 Mon Sep 17 00:00:00 2001
From: s8613 <s86136@bht-berlin.de>
Date: Wed, 2 Jul 2025 16:17:31 +0200
Subject: [PATCH] updated conf content security policy

---
 project/frontend/docker/nginx.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/project/frontend/docker/nginx.conf b/project/frontend/docker/nginx.conf
index 1642d30..7571507 100644
--- a/project/frontend/docker/nginx.conf
+++ b/project/frontend/docker/nginx.conf
@@ -4,8 +4,7 @@ server {
     root   /usr/share/nginx/html;
     index  index.html;
 
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';";
-
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; object-src 'none'; media-src 'self'; frame-src 'self';";
     # Caching configuration for static assets
     location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
         expires 30d;