From 7f05179c9c6ce013026725101ba2128208802536 Mon Sep 17 00:00:00 2001
From: Abhay <80220229+EpicGamer007@users.noreply.github.com>
Date: Fri, 24 Feb 2023 00:13:01 +0000
Subject: [PATCH] fix font csp (#22)

---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index b38166b..9714fd2 100644
--- a/index.js
+++ b/index.js
@@ -20,7 +20,7 @@ app.use(expressEJSLayouts);

 app.use((req, res, next) => {
 // Security Headers - Refer to MDN and helmetjs docs
- res.set("Content-Security-Policy", `default-src 'self'; img-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; font-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; frame-src 'none'; upgrade-insecure-requests`);
+ res.set("Content-Security-Policy", `default-src 'self'; img-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; font-src 'self' data:; object-src 'none'; child-src 'none'; frame-ancestors 'none'; frame-src 'none'; upgrade-insecure-requests`);
 res.set("Strict-Transport-Security", "max-age=15552000; includeSubDomains");
 res.set("X-Content-Type-Options", "nosniff");
 res.set("X-Frame-Options", "DENY");
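Review bot: The policy on the changed `res.set("Content-Security-Policy", …)` line still carries `'unsafe-inline'` in `script-src`, so the header gives little protection against injected inline script however tightly `font-src` is scoped; moving the page's inline scripts to per-response nonces or hashes would let that keyword be dropped. The same string omits `base-uri` and `form-action`, neither of which falls back to `default-src`, so appending `base-uri 'self'; form-action 'self'` is worth considering if the app's forms only post to its own origin. The `data:` addition itself is narrow, but nothing records why it is needed; a comment above the call such as `// font-src data: is required by <STYLESHEET_THAT_EMBEDS_FONTS>` (placeholder, to be filled in by the author) would keep it from being widened or removed blindly later. The enclosing `app.use` callback continues past the end of the hunk, so later headers were not reviewed.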