From 13a73580884d02096b91e65d337a929665f4e408 Mon Sep 17 00:00:00 2001
From: Tim Hostetler <6970899+thostetler@users.noreply.github.com>
Date: Thu, 19 Dec 2024 15:51:06 -0500
Subject: [PATCH] Turn on CSP
---
 next.config.mjs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/next.config.mjs b/next.config.mjs
index 75cb485c7..a23542953 100644
--- a/next.config.mjs
+++ b/next.config.mjs
@@ -8,8 +8,8 @@ const CSP = `
 style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com;
 base-uri 'self';
 object-src 'none';
- connect-src 'self' https://*.google-analytics.com https://*.adsabs.harvard.edu https://o1060269.ingest.sentry.io;
- font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com;
+ connect-src 'self' https://*.google-analytics.com https://*.adsabs.harvard.edu https://o1060269.ingest.sentry.io https://*.scixplorer.org https://www.googletagmanager.com;
+ font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com;
 frame-src https://www.youtube-nocookie.com https://www.google.com https://www.google.com/recaptcha/;
 form-action 'self';
 img-src * data: https://www.google.com https://www.gstatic.com https://i.ytimg.com https://s.ytimg.com;
@@ -81,7 +81,7 @@ const nextConfig = {
 'accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()',
 },
 {
- key: 'Content-Security-Policy-Report-Only',
+ key: 'Content-Security-Policy',
 value: CSP,
 },
 ],
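Review bot: The `https://*.scixplorer.org` entry added to `connect-src` (hunk at line 8) is a wildcard over every subdomain, next to the existing `*.adsabs.harvard.edu` and `*.google-analytics.com` wildcards. Once the policy is enforced, `connect-src` is the directive that bounds where page script can send data, so a wildcard is only as trustworthy as the least-controlled host under that zone. If the app talks to a fixed set of hosts, listing them explicitly would be tighter, e.g. `https://<api-host>.scixplorer.org` (placeholder) in place of the wildcard. The `img-src *` context line leaves outbound image requests unrestricted regardless. The `CSP` template starts and ends outside this hunk, so the remaining directives were not reviewed.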
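Review bot: Switching the key to `Content-Security-Policy` (hunk at line 81) means violations are now blocked, and no reporting directive is visible in the part of the `CSP` template shown in this patch, so a missing source would fail silently for users. If the rest of the template (outside the hunk) has none either, add one before enforcing, e.g. `report-uri <csp-report-endpoint>;` (placeholder), so breakage and injection attempts are observable. A short comment on the entry, such as `// enforcing mode; use Content-Security-Policy-Report-Only when trialling new directives`, would record the intent for the next editor.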