From 5a8116ec22635aeb6130440a49ebe85ba16c0ff8 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Mon, 31 Oct 2022 09:57:49 +0000
Subject: [PATCH] Fix default CSP

---
 website/settings.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/website/settings.py b/website/settings.py
index 16af799..6adcea2 100644
--- a/website/settings.py
+++ b/website/settings.py
@@ -412,6 +412,9 @@ PERMISSIONS_POLICY: dict[str, list] = {
     "usb": [],
 }
 
+# Disable default CSP which blocks all remote content
+CSP_DEFAULT_SRC = None
+
 if not DEBUG:
     SECURE_HSTS_SECONDS = 2592000  # 30 days