From e62f68f51430a4481060c1effcb7d8d537270769 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Mon, 29 May 2023 12:46:17 +0100
Subject: [PATCH] style: Improve security by updating CSP headers

- Update `CSPHeader.php` to improve security by removing unsafe-inline.
---
 app/Http/Middleware/CSPHeader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/CSPHeader.php b/app/Http/Middleware/CSPHeader.php
index d5cd4c53..07e77e3a 100644
--- a/app/Http/Middleware/CSPHeader.php
+++ b/app/Http/Middleware/CSPHeader.php
@@ -25,7 +25,7 @@ class CSPHeader
             ->header(
                 'Content-Security-Policy',
                 "default-src 'self'; " .
-                "style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
+                "style-src 'self' cloud.typography.com jonnybarnes.uk; " .
                 "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
                 "font-src 'self' data:; " .
                 "frame-src 'self' https://www.youtube.com blob:; " .