diff --git a/server.cjs b/server.cjs
index c5063ab..11387f2 100644
--- a/server.cjs
+++ b/server.cjs
@@ -111,14 +111,15 @@ const SECURITY_HEADERS_BASE = {
 }
 const CSP_DIRECTIVES = [
- "default-src 'self'",
+ "default-src 'none'",
 "base-uri 'self'",
 "form-action 'self'",
 "frame-ancestors 'none'",
 "object-src 'none'",
 "script-src 'self' https://challenges.cloudflare.com",
 "script-src-elem 'self' https://challenges.cloudflare.com",
- "style-src 'self' 'unsafe-inline'",
+ "style-src 'self'",
+ "style-src-elem 'self'",
 "img-src 'self' data: blob: https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com",
 "font-src 'self' data:",
 "connect-src 'self' https://challenges.cloudflare.com",
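Review bot: Switching the first entry of `CSP_DIRECTIVES` to `default-src 'none'` removes the `'self'` fallback for every fetch directive the list does not name, and the visible entries include no `frame-src`, `worker-src`, `manifest-src` or `media-src`. The Cloudflare challenge script allowed in `script-src` normally renders its widget in an iframe from the same origin, so unless the part of the array below this hunk already covers it, the list needs `"frame-src https://challenges.cloudflare.com",`. Dropping `'unsafe-inline'` from `style-src` also blocks `style="…"` attributes and injected `<style>` elements, because `style-src-attr` falls back to `style-src`; a short comment above the two style entries saying inline styles are intentionally disallowed would stop someone re-adding it later. The array continues outside the hunk, so I cannot confirm which directives are already present; serving the tightened policy as `Content-Security-Policy-Report-Only` for one release would surface any breakage before it is enforced.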