From 095274b76e57b732dbee8fd9b6bd314c911c3b1c Mon Sep 17 00:00:00 2001
From: Andrew Simonson <asimonson1125@gmail.com>
Date: Tue, 24 Oct 2023 18:54:12 -0400
Subject: [PATCH] add to leaflet to csp

---
 flask.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/flask.conf b/flask.conf
index e31c0b4..75fad48 100644
--- a/flask.conf
+++ b/flask.conf
@@ -11,7 +11,7 @@ server {
     gzip_types  text/plain text/javascript text/css;
     gunzip      on;
 
-    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.chesscomfiles.com *.chess.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com ajax.googleapis.com;";
+    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.chesscomfiles.com *.chess.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com ajax.googleapis.com *.unpkg.com;";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     add_header X-Content-Type-Options 'nosniff';
     add_header X-Frame-Options 'SAMEORIGIN';