[mod] caddy: update csp (#424)

Since https://github.com/searxng/searxng/pull/5073 we add a script directly to the [`base.html`](https://github.com/searxng/searxng/blob/master/searx/templates/simple/base.html), we need `'unsafe-inline'`.
2025-12-22 19:50:00 +00:00 · 2025-08-18 21:59:55 +02:00
parent d9357aca09
commit bc0cfa3d28
1 changed files with 1 additions and 1 deletions
--- a/2
+++ b/2
@@ -52,7 +52,7 @@ encode zstd gzip
 header {
 	# CSP (https://content-security-policy.com)
-	Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
+	Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self' https:; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; img-src * data:; frame-src https:;"
 	# Disable browser features
 	Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"