From 35e12420af3ae3293dcaacffc96e695478291251 Mon Sep 17 00:00:00 2001
From: "byte[]"
Date: Tue, 16 Mar 2021 20:24:58 -0400
Subject: [PATCH] strongly segregate domains of main site and ugc in security policy
---
 lib/philomena_web/plugs/content_security_policy_plug.ex | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/philomena_web/plugs/content_security_policy_plug.ex b/lib/philomena_web/plugs/content_security_policy_plug.ex
index dc053e49..6f45da81 100644
--- a/lib/philomena_web/plugs/content_security_policy_plug.ex
+++ b/lib/philomena_web/plugs/content_security_policy_plug.ex
@@ -23,9 +23,9 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
 frame_src = Keyword.get(config, :frame_src, nil)
 csp_config = [
- {:default_src, ["'self'", cdn_uri]},
- {:script_src, ["'self'", cdn_uri | script_src]},
- {:style_src, ["'self'", cdn_uri | style_src]},
+ {:default_src, ["'self'"]},
+ {:script_src, ["'self'" | script_src]},
+ {:style_src, ["'self'" | style_src]},
 {:object_src, ["'none'"]},
 {:frame_ancestors, ["'none'"]},
 {:frame_src, frame_src || ["'none'"]},
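Review bot: Nothing next to the new `default_src`, `script_src` and `style_src` entries records why `cdn_uri` must stay out of them, so a later edit could re-add it and quietly allow scripts and styles from what the commit subject suggests is the user-content origin. A comment above `csp_config` such as `# cdn_uri hosts user-generated content: never list it as a default, script or style source` would pin the intent. Since `default_src` is the fallback for every fetch directive that is not listed, anything that reached the CDN only through that fallback is now limited to `'self'`; the rest of the list is outside the hunk, so confirm that the image and media directives still name `cdn_uri` explicitly. The `script_src` and `style_src` tails are appended unchanged and presumably come from config like `frame_src`, so the segregation only holds if the deployed config does not list the CDN host there. The enclosing function starts and ends outside the hunk.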