revert: locking down the font-src to make it strict

bcgov · Feb 18, 2025 · 0a1c962 · 0a1c962
1 parent 916a069
commit 0a1c962
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/app.js b/app/app.js
@@ -30,7 +30,7 @@ const app = express();
 
 // Set the CSP header so that external media cannot be displayed in the forms.
 app.use((_req, res, next) => {
-  res.setHeader('Content-Security-Policy', "default-src 'self'; font-src 'self' https:");
+  res.setHeader('Content-Security-Policy', "default-src 'self'; font-src 'self'");
   next();
 });