Fix CSP connect-src to allow cdn.jsdelivr.net

Allow connections to cdn.jsdelivr.net for Chart.js resources. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 11:13:07 +00:00
parent 8f705221db
commit 71b05769ae
1 changed files with 1 additions and 1 deletions
--- a/backend/app.py
+++ b/backend/app.py
@@ -70,7 +70,7 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
            "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "
            "font-src 'self' https://fonts.gstatic.com; "
            "img-src 'self' data:; "
-            "connect-src 'self'; "
+            "connect-src 'self' https://cdn.jsdelivr.net; "
            "frame-ancestors 'none'; "
            "base-uri 'self'; "
            "form-action 'self';"