helmet.go removed wildcard directive.

2025-05-18 22:48:11 +05:30 · 2025-05-18 22:48:11 +05:30 · ddb4b35181
commit ddb4b35181
parent f8cdf3a511
1 changed files with 2 additions and 2 deletions
--- a/middleware/helmet.go
+++ b/middleware/helmet.go
@ -268,7 +268,7 @@ func (csp *CSP) value() string {
 	sb.WriteString(fmt.Sprintf(
 		"style-src %s; ",
-		cspNormalised(csp.StyleSrc, []string{"self", "https:", "unsafe-inline"}),
+		cspNormalised(csp.StyleSrc, []string{"self", "unsafe-inline"}),
 	))
 	sb.WriteString(fmt.Sprintf(
@ -288,7 +288,7 @@ func (csp *CSP) value() string {
 	sb.WriteString(fmt.Sprintf(
 		"font-src %s; ",
-		cspNormalised(csp.FontSrc, []string{"self", "https:", "data:"}),
+		cspNormalised(csp.FontSrc, []string{"self", "data:"}),
 	))
 	sb.WriteString(fmt.Sprintf(