From 12fd378e8c51f229307724ad1848aa975d7a0f11 Mon Sep 17 00:00:00 2001
From: Deco Vander <deco@deco.sh>
Date: Thu, 3 Jul 2025 01:24:51 -0400
Subject: [PATCH] Fix CSP to allow Leaflet marker icons from unpkg.com

- Updated Content-Security-Policy img-src directive to include unpkg.com
- Resolves CSP violation preventing Leaflet marker icons from loading
- Maintains security while allowing necessary external image resources
---
 scripts/Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Caddyfile b/scripts/Caddyfile
index a7a23ee..ba19513 100644
--- a/scripts/Caddyfile
+++ b/scripts/Caddyfile
@@ -35,7 +35,7 @@ yourdomain.com {
         # Referrer policy
         Referrer-Policy strict-origin-when-cross-origin
         # Content Security Policy
-        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' unpkg.com api.mapbox.com; style-src 'self' 'unsafe-inline' unpkg.com; img-src 'self' data: *.tile.openstreetmap.org; connect-src 'self' api.mapbox.com nominatim.openstreetmap.org"
+        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' unpkg.com api.mapbox.com; style-src 'self' 'unsafe-inline' unpkg.com; img-src 'self' data: *.tile.openstreetmap.org unpkg.com; connect-src 'self' api.mapbox.com nominatim.openstreetmap.org"
     }
     
     # Gzip compression