feat: remove csp (and add ds_store to gitignore)

.gitignore

@@ -1,2 +1,3 @@
 .env
 /node_modules
+.DS_Store

frontend/src/app/layout.tsx

@@ -1,6 +1,5 @@
 import type { Metadata } from "next";
 import { Space_Grotesk } from "next/font/google";
-import { headers } from "next/headers";
 import Script from "next/script";
 import type React from "react";
 
@@ -99,8 +98,6 @@ export default async function RootLayout({
   children: React.ReactNode;
 }) {
   const user = await auth({ noThrow: true, type: "adonis" });
-  const headersList = await headers();
-  const nonce = headersList.get("x-nonce");
 
   return (
     <html lang="pl" suppressHydrationWarning={true} className="scroll-smooth">
@@ -121,7 +118,6 @@ export default async function RootLayout({
               src="https://analytics.solvro.pl/script.js"
               data-website-id="ab126a0c-c0ab-401b-bf9d-da652aab69ec"
               data-domains="planer.solvro.pl"
-              nonce={nonce ?? undefined}
             />
             <Toaster richColors={true} />
           </body>

frontend/src/middleware.ts

@@ -4,41 +4,13 @@ import { NextResponse } from "next/server";
 import { auth } from "./lib/auth";
 
 export async function middleware(request: NextRequest) {
-  const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
-  const cspHeader = `
-    default-src 'self' 'nonce-${nonce}' https://fonts.googleapis.com https://fonts.gstatic.com https://analytics.solvro.pl ${process.env.NODE_ENV === "development" ? "http://localhost:3333" : ""};
-    script-src 'self' 'nonce-${nonce}' 'strict-dynamic' ${process.env.NODE_ENV === "development" ? "'unsafe-eval'" : ""} https://analytics.solvro.pl;
-    style-src 'self' 'unsafe-inline';
-    img-src 'self' blob: data: https://avatars.githubusercontent.com https://wit.pwr.edu.pl https://cms.solvro.pl https://apps.usos.pwr.edu.pl;
-    font-src 'self';
-    object-src 'none';
-    base-uri 'self';
-    form-action 'self';
-    frame-ancestors 'none';
-    upgrade-insecure-requests;
-  `;
-
-  const contentSecurityPolicyHeaderValue = cspHeader
-    .replaceAll(/\s{2,}/g, " ")
-    .trim();
-
   const requestHeaders = new Headers(request.headers);
-  requestHeaders.set("x-nonce", nonce);
-
-  requestHeaders.set(
-    "Content-Security-Policy",
-    contentSecurityPolicyHeaderValue,
-  );
 
   const nextResponse = NextResponse.next({
     request: {
       headers: requestHeaders,
     },
   });
-  nextResponse.headers.set(
-    "Content-Security-Policy",
-    contentSecurityPolicyHeaderValue,
-  );
 
   const payload = {
     adonisSession: request.cookies.get("adonis-session")?.value ?? "",