From 01702e82e91c9e95e8cce0ccbf86187df35c4884 Mon Sep 17 00:00:00 2001
From: Jonah Aragon <jonah@triplebit.net>
Date: Wed, 2 Oct 2019 22:20:17 -0500
Subject: [PATCH] Update CSP

---
 nginx/010-headers.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx/010-headers.conf b/nginx/010-headers.conf
index 46c4ef44..4208dadf 100644
--- a/nginx/010-headers.conf
+++ b/nginx/010-headers.conf
@@ -1,7 +1,7 @@
 add_header X-Frame-Options DENY always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header X-Content-Type-Options nosniff always;
-add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://stats.privacytools.io; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.privacytools.io; object-src 'none'; frame-src https://stats.privacytools.io; font-src 'self'; manifest-src 'self';" always;
+add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://*.privacytools.io 127.0.0.1; style-src 'self' 'unsafe-inline' 127.0.0.1; img-src 'self' data: https://*.privacytools.io 127.0.0.1; object-src 'none'; frame-src https://stats.privacytools.io; font-src 'self'; manifest-src 'self';" always;
 add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";
 add_header 'Access-Control-Allow-Origin' '*';
 add_header Alt-Svc 'h2="privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion:443"; ma=86400; persist=1';