From 641185919c342d1846583a39ac0a069e0315427e Mon Sep 17 00:00:00 2001
From: Tim Wundenberg
Date: Tue, 19 Nov 2024 22:01:12 +0100
Subject: [PATCH] feat(security): enable Content-Security-Plolicy for external js

---
 middleware/content_security_policiy.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/middleware/content_security_policiy.go b/middleware/content_security_policiy.go
index 61670f4..e28d707 100644
--- a/middleware/content_security_policiy.go
+++ b/middleware/content_security_policiy.go
@@ -5,7 +5,8 @@ import "net/http"
 
 func ContentSecurityPolicy(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Security-Policy", "default-src 'self'")
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self' https://umami.me-fit.eu/script.js")
+
 next.ServeHTTP(w, r)
 })
 }
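Review bot: The new policy on the added `w.Header().Set` line widens only `script-src`, so `connect-src` still falls back to `default-src 'self'`. If the analytics script reports to the origin it was loaded from (Umami's tracker normally does; confirm for this deployment), the browser will block those requests until `connect-src 'self' https://umami.me-fit.eu` is added. Allowing the script also gives code served from `umami.me-fit.eu` full access to every page. The `/script.js` path in a CSP source is not enforced after a redirect, so this is effectively host-level trust and that host needs the same care as the application itself. Since the policy is being edited anyway, note that `default-src` is not a fallback for `base-uri`, `form-action` or `frame-ancestors`; consider appending `; base-uri 'self'; form-action 'self'; frame-ancestors 'none'` (the last only if the site is never framed) and moving the string into a named constant with a comment explaining each external origin.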