From fe7a4d7c4125495c6c4e43888cfd0dcd137c34fa Mon Sep 17 00:00:00 2001
From: Harsh Shandilya <me@msfjarvis.dev>
Date: Wed, 15 Jul 2020 15:01:05 +0530
Subject: [PATCH] Caddyfile: update CSP

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
---
 Caddyfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Caddyfile b/Caddyfile
index 296683d..a151e7c 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -9,12 +9,12 @@
       connect-src 'self' commento.msfjarvis.dev;
       default-src 'self';
       frame-ancestors 'none';
-      frame-src github.com;
+      frame-src 'none';
       font-src 'self' data: commento.msfjarvis.dev stackpath.bootstrapcdn.com;
-      img-src 'self' data: gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev *.amazonaws.com;
+      img-src 'self' data: gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev;
       object-src 'none';
-      script-src 'self' commento.msfjarvis.dev 'unsafe-inline';
-      style-src 'self' commento.msfjarvis.dev stackpath.bootstrapcdn.com 'unsafe-inline';
+      script-src 'self' commento.msfjarvis.dev unpkg.com;
+      style-src 'self' commento.msfjarvis.dev stackpath.bootstrapcdn.com;
     "
     # Security related changes stolen from https://github.com/searx/searx-docker/blob/master/Caddyfile
     Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"