From e8b93683fc88340ffefb7a4e1c2bf6d0da39b0f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yannik=20R=C3=B6del?=
Date: Mon, 23 Jan 2023 12:22:46 +0100
Subject: [PATCH] Fix CSP for both sites
---
 sites/angestoepselt/httpd.conf | 2 +-
 sites/coderdojo/httpd.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sites/angestoepselt/httpd.conf b/sites/angestoepselt/httpd.conf
index 939938f..08f8f01 100644
--- a/sites/angestoepselt/httpd.conf
+++ b/sites/angestoepselt/httpd.conf
@@ -11,7 +11,7 @@ server.document-root = "@site@"
 index-file.names = ( "index.html" )
 setenv.set-response-header += (
- "Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com, https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
+ "Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
 )
 url.redirect = (
diff --git a/sites/coderdojo/httpd.conf b/sites/coderdojo/httpd.conf
index ea2aa48..ae6c412 100644
--- a/sites/coderdojo/httpd.conf
+++ b/sites/coderdojo/httpd.conf
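Review bot: In the sites/angestoepselt/httpd.conf hunk the corrected policy still lists `'unsafe-inline'` in `script-src`, which lets any injected inline script run and so removes most of the XSS protection the header is meant to give. If the site's own inline scripts are the reason, moving them into files served from `'self'` or allowing them by hash (`'sha256-<base64 hash of the inline script>'`) would let the keyword be dropped. The same keyword is on the new line of the sites/coderdojo/httpd.conf hunk.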
@@ -11,7 +11,7 @@ server.document-root = "@site@"
 index-file.names = ( "index.html" )
 setenv.set-response-header += (
- "Content-Security-Policy" => "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com, https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
+ "Content-Security-Policy" => "default-src 'self'; image-src 'self' https://photos.gutwe.in; script-src 'self' 'eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'none'",
 )
 #
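Review bot: `image-src` on the added line is not a CSP directive, so browsers will ignore it and images from https://photos.gutwe.in stay blocked by `default-src 'self'`; the directive should read `img-src 'self' https://photos.gutwe.in;`. Likewise `'eval'` is not a recognised source expression (the keyword is `'unsafe-eval'`), so as written it has no effect. Before switching to `'unsafe-eval'` it is worth confirming which script actually needs it, because combined with the existing `'unsafe-inline'` it would leave `script-src` restricting very little. If nothing on the site depends on eval, dropping the token is the safer fix.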