From 6a2dd63ad3e2b4cab4ed4dca2446e80a9a287083 Mon Sep 17 00:00:00 2001
From: colin
Date: Thu, 3 Jul 2025 14:13:28 -0400
Subject: [PATCH] Fix CSP configuration to allow Bootstrap and external resources

---
 docker/ploughshares/app.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/docker/ploughshares/app.py b/docker/ploughshares/app.py
index 13b3b7a..9002ec6 100644
--- a/docker/ploughshares/app.py
+++ b/docker/ploughshares/app.py
@@ -43,18 +43,23 @@ APP_ENV = os.environ.get('APP_ENV', 'development')
 # Configure security headers with Talisman
 # Base CSP settings
 csp = {
-    'default-src': "'none'",
-    'script-src': ["'self'",
-        "'sha256-ryQsJ+aghKKD/CeXgx8jtsnZT3Epp3EjIw8RyHIq544='",
-        "'sha256-anTkUs/oFZJulKUMaMjZlwaALEmPOP8op0psAo5Bhh8='",
-        "'sha256-BASkmAmg7eoYCMd6odA6kQ8yGsFnoxaX48WbQvMkehs='"],
-    'style-src': ["'self'", "'sha256-Mo+7o3oPEKpX7fqRvTtunvQHlIDhJ0SxAMG1PCNniCI='"],
-    'img-src': ["'self'", "data:"],
-    'font-src': ["'self'", "data:"],
+    'default-src': ["'self'"],
+    'script-src': [
+        "'self'",
+        "'unsafe-inline'",
+        "https://cdn.jsdelivr.net/",
+    ],
+    'style-src': [
+        "'self'",
+        "'unsafe-inline'",
+        "https://cdn.jsdelivr.net/",
+    ],
+    'img-src': ["'self'", "data:", "https:"],
+    'font-src': ["'self'", "data:", "https://cdn.jsdelivr.net/"],
     'connect-src': "'self'",
     'object-src': "'none'",
     'frame-ancestors': "'none'",
-    'base-uri': "'none'",
+    'base-uri': "'self'",
     'form-action': "'self'"
 }
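Review bot: Adding `"'unsafe-inline'"` to `'script-src'` removes the main XSS mitigation this CSP provided, because any inline script that reaches the page now executes; the removed sha256 entries were the stricter way to allow the application's own inline scripts. If Bootstrap's setup still needs inline code, drop `"'unsafe-inline'"` from `'script-src'` and let Talisman issue per-request nonces instead, via `content_security_policy_nonce_in=['script-src']` on the `Talisman(...)` call (outside this hunk) and `{{ csp_nonce() }}` on the inline `<script>` tags in the templates. `'default-src'` moving from `"'none'"` to `["'self'"]` also widens every directive not listed here (frame-src, media-src, worker-src, ...), which Bootstrap does not need since script, style, img, font and connect sources are all set explicitly — keeping `'default-src': "'none'"` preserves the fail-closed default. `"'unsafe-inline'"` in `'style-src'` and the bare `"https:"` in `'img-src'` are lower-impact but carry the same trade-off and deserve a comment stating why they are required.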