Remove but fix

vmcj · vmcj · commit 8150065d784a · 2025-09-15T08:19:19.000+02:00
diff --git a/webapp/src/EventListener/AddContentSecurityPolicyListener.php b/webapp/src/EventListener/AddContentSecurityPolicyListener.php
@@ -17,7 +17,7 @@ public function __invoke(ResponseEvent $event): void
         // the profiler requires 'unsafe-eval' for script-src 'self'.
         $response = $event->getResponse();
         $cspExtra = $this->profiler ? "'unsafe-eval'" : "";
-        $csp = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' $cspExtra; img-src 'self' data:; worker-src 'self' blob:";
+        $csp = "default-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' $cspExtra; img-src 'self' data:; worker-src 'self' blob:";
         $response->headers->set('Content-Security-Policy', $csp);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ public function __invoke(ResponseEvent $event): void`
`17`	`17`	`// the profiler requires 'unsafe-eval' for script-src 'self'.`
`18`	`18`	`$response = $event->getResponse();`
`19`	`19`	`$cspExtra = $this->profiler ? "'unsafe-eval'" : "";`
`20`		`- $csp = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' $cspExtra; img-src 'self' data:; worker-src 'self' blob:";`
	`20`	`+ $csp = "default-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline'; script-src 'self' https://cdn.jsdelivr.net 'unsafe-inline' $cspExtra; img-src 'self' data:; worker-src 'self' blob:";`
`21`	`21`	`$response->headers->set('Content-Security-Policy', $csp);`
`22`	`22`	`}`
`23`	`23`	`}`