From 74b9083551bab18647a369d62d660f32f2f06e25 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski
Date: Thu, 2 May 2024 13:57:36 -1000
Subject: [PATCH] fix(api): :ambulance: Fix incorrect Content-Security-Policy on frontend
---
 utils/response.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/response.ts b/utils/response.ts
index e42bf9e7..dae67906 100644
--- a/utils/response.ts
+++ b/utils/response.ts
@@ -32,7 +32,7 @@ export const clientResponse = (
 ) => {
 return response(data, status, {
 "Content-Security-Policy":
- "Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self'; img-src *; font-src 'self'; connect-src 'self'; media-src *; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'",
+ "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src *; font-src 'self'; connect-src 'self'; media-src *; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'",
 "Access-Control-Allow-Origin": "null",
 ...headers,
 });
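Review bot: The new policy value adds `'unsafe-inline'` to `style-src`, which the commit subject does not mention and which lets any injected `<style>` element or `style` attribute take effect, so a markup-injection bug in the frontend is no longer contained for CSS even though `script-src 'self'` still holds. If the relaxation is only needed for framework-generated `style` attributes, it can be narrowed to `style-src 'self'; style-src-attr 'unsafe-inline'`; otherwise a per-response nonce or hashes would keep `<style>` blocks restricted. At minimum, add a comment above the header such as `// 'unsafe-inline' in style-src is needed by <component>; drop it once inline styles are gone`. Separately, the unchanged `"Access-Control-Allow-Origin": "null"` line matches opaque origins such as sandboxed iframes, and the `...headers` spread after it lets any caller replace the policy entirely; both are worth confirming as intended. The body of `clientResponse` starts above this hunk, so its parameters and callers are not visible here.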