From 5b35a89399169ac96ade06e3d4be56ef4fbbc407 Mon Sep 17 00:00:00 2001
From: Andrew Simonson <asimonson1125@gmail.com>
Date: Tue, 24 Oct 2023 19:23:01 -0400
Subject: [PATCH] remove csp (safety is for the weak)

---
 flask.conf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/flask.conf b/flask.conf
index 9907a83..873f9d8 100644
--- a/flask.conf
+++ b/flask.conf
@@ -11,7 +11,6 @@ server {
     gzip_types  text/plain text/javascript text/css;
     gunzip      on;
 
-    add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.chesscomfiles.com *.chess.com *.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com ajax.googleapis.com unpkg.com *.unpkg.com;";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     add_header X-Content-Type-Options 'nosniff';
     add_header X-Frame-Options 'SAMEORIGIN';