From ab5f8e774eb307c5c39e26b4d360a36a3e8adc13 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 31 Mar 2025 09:31:57 -0400
Subject: [PATCH] Update CSP to use script hashes instead of unsafe-inline
---
 docker/resume/Caddyfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/resume/Caddyfile b/docker/resume/Caddyfile
index 83b7891..de605ed 100644
--- a/docker/resume/Caddyfile
+++ b/docker/resume/Caddyfile
@@ -28,8 +28,8 @@
 # Cache control for static assets
 Cache-Control "public, max-age=31536000, immutable"
- # CSP with hash for utils.js and nonce for inline scripts
- Content-Security-Policy "default-src 'none'; script-src 'self' 'sha256-ryQsJ+aghKKD/CeXgx8jtsnZT3Epp3EjIw8RyHIq544='; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
+ # CSP with hashes for scripts
+ Content-Security-Policy "default-src 'none'; script-src 'self' 'sha256-ryQsJ+aghKKD/CeXgx8jtsnZT3Epp3EjIw8RyHIq544=' 'sha256-anTkUs/oFZJulKUMaMjZlwaALEmPOP8op0psAo5Bhh8='; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
 }
 # Handle 404s
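Review bot: The two `sha256-…` sources in `script-src` on the new `Content-Security-Policy` line are not tied to anything a maintainer can verify. The new comment `# CSP with hashes for scripts` drops the removed comment's attribution of the first hash to utils.js and never says what the second hash covers, so an edit to either script will be blocked by the browser with nothing in this file pointing at what to recompute. I would write the comment as `# script-src hashes: 1st = utils.js, 2nd = <inline script, name it here>; recompute (sha256, base64) whenever either script changes`. Separately, `style-src` still carries `'unsafe-inline'` on the new line and the removed `script-src` never contained it, so the subject line overstates what this commit tightens. The enclosing header block opens above the hunk, so it is worth confirming that this policy is attached to the HTML responses and not only to the static-asset matcher that the `Cache-Control` comment refers to.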