Debug CSP: temporarily allow inline scripts and remove SRI requirement

2025-03-31 04:16:50 -04:00 · 2025-03-31 04:16:50 -04:00 · 885914812d
parent 905b480a2e
commit 885914812d
1 changed files with 1 additions and 1 deletions
--- a/docker/resume/Caddyfile
+++ b/docker/resume/Caddyfile
@ -26,7 +26,7 @@
        Cross-Origin-Opener-Policy "same-origin"
        
        # Simplified CSP for static content
-        Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; require-sri-for script;"
+        Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
    }

    # Handle 404s