diff --git a/controllers/middlewares/middlewares.go b/controllers/middlewares/middlewares.go index d25c45e6..8bb4075d 100644 --- a/controllers/middlewares/middlewares.go +++ b/controllers/middlewares/middlewares.go @@ -75,7 +75,7 @@ func ScopesRequired(scopes ...string) gin.HandlerFunc { // CSP set Content Security Policy http header func CSP() gin.HandlerFunc { return func(c *gin.Context) { - c.Header("Content-Security-Policy", "default-src 'self'; img-src * data:; media-src *; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-inline'; font-src 'self' maxcdn.bootstrapcdn.com 'unsafe-eval") + c.Header("Content-Security-Policy", "default-src 'self'; img-src * data:; media-src *; style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com") c.Next() } }