From 0b46750148d195b477eb22b514ae2bcc072773fa Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Mon, 31 Mar 2025 04:08:37 -0400
Subject: [PATCH] Enhance CSP with default-src 'none' for maximum security

---
 docker/resume/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/resume/Caddyfile b/docker/resume/Caddyfile
index 450afb0..fecff23 100644
--- a/docker/resume/Caddyfile
+++ b/docker/resume/Caddyfile
@@ -26,7 +26,7 @@
         Cross-Origin-Opener-Policy "same-origin"
         
         # Simplified CSP for static content
-        Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; require-sri-for script;"
+        Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; require-sri-for script;"
     }
 
     # Handle 404s