From 8c5a8b6f2281dc5cfb779113f90a32a86cc98e5a Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Fri, 5 Jan 2024 14:47:20 -0600
Subject: [PATCH] fixes for a few missing csp entries needed
---
 app.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app.rb b/app.rb
index 16aba785..cbf6e267 100644
--- a/app.rb
+++ b/app.rb
@@ -92,7 +92,7 @@ after do
 end
 after do
- response.headers['Content-Security-Policy'] = %{default-src 'self' 'unsafe-inline'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; style-src 'self' https://hcaptcha.com, https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com, https://*.hcaptcha.com https://api.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com}
+ response.headers['Content-Security-Policy'] = %{default-src 'self' data: blob: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://api.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com}
 end
 connect-src, https://api.stripe.com, https://maps.googleapis.com
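Review bot: Adding `'unsafe-inline'` to `script-src` on the new line lets any injected inline `<script>` or event-handler attribute run, which removes most of the XSS containment this header provided; the old `script-src` carried no such token, so inline script was blocked before this change. If specific inline scripts are what broke, a per-response nonce or hashes for those scripts would keep the restriction, e.g. `script-src 'self' 'nonce-<PER_REQUEST_NONCE>' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com` (placeholder value). `data:` and `blob:` in `default-src` also apply to every fetch directive that is not listed, including `img-src`, `font-src`, `media-src` and `object-src`; scoping them to the directives that need them (presumably `img-src`/`font-src` for `data:` and `worker-src` for `blob:`) and appending `object-src 'none'; base-uri 'self'` would be tighter. A short comment above the assignment recording which feature needs each relaxed source would help the next reviewer judge whether it can be removed.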