From e3c845d8f563d75618e237cdf16bd4ad4a00dcb8 Mon Sep 17 00:00:00 2001
From: Vika
Date: Wed, 16 Apr 2025 03:37:13 +0300
Subject: Add `connect-src 'self';` to CSP why is this a thing... should've just put `default-src 'self'` to get behavior similar to what was in the past
Change-Id: I0d3850931fe97f87a1aa10223502791a78cbe7fc
---
 src/lib.rs | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/lib.rs')
diff --git a/src/lib.rs b/src/lib.rs
index b12bdfc..cf81dc9 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -384,6 +384,7 @@ where
 "style-src 'self';", // Only use styles we serve.
 "base-uri 'none';", // Do not allow to change the base URI.
 "object-src 'none';", // Do not allow to embed objects (Flash/ActiveX).
+ "connect-src 'self';", // Allow sending data back to us. (WHY IS THIS A THING OMG)
 // Allow embedding the Bandcamp player for jam posts.
 // TODO: perhaps make this policy customizable?…
 "frame-src 'self' https://bandcamp.com/EmbeddedPlayer/;"
--
cgit 1.4.1
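Review bot: The comment on the added `"connect-src 'self';"` line does not record which client feature needed it or which fallback was blocking it, so whoever next tightens the policy cannot tell whether it can be narrowed. `connect-src` governs fetch/XHR, EventSource, WebSocket and sendBeacon targets; presumably a restrictive `default-src` earlier in the list (outside this hunk) was denying same-origin requests, which is worth confirming and stating, e.g. `// Same-origin fetch/XHR/EventSource only; required because default-src would otherwise block them.` If the frontend ever opens a WebSocket, note that older browsers do not match `ws:`/`wss:` against `'self'`, so that case would need its own test. The policy list starts and ends outside the hunk, so the full set of directives cannot be checked from here.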