From 66db52e7c89111f107b1da425176903138e7a696 Mon Sep 17 00:00:00 2001
From: azures04
Date: Mon, 19 Jan 2026 20:37:12 +0100
Subject: [PATCH] Update server.js
---
 server.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/server.js b/server.js
index 82cb9f4..f9a3be2 100644
--- a/server.js
+++ b/server.js
@@ -21,7 +21,18 @@ databaseGlobals.setupDatabase()
 certificates.setupKeys()
 app.use(hpp())
-app.use(helmet())
+app.use(helmet({
+ contentSecurityPolicy: {
+ directives: {
+ defaultSrc: ["'self'"],
+ scriptSrc: ["'self'", "https://cdnjs.cloudflare.com", "'unsafe-inline'"],
+ styleSrc: ["'self'", "'unsafe-inline'", "https://cdn.jsdelivr.net", "https://cdnjs.cloudflare.com"],
+ fontSrc: ["'self'", "https://cdn.jsdelivr.net", "https://cdnjs.cloudflare.com"],
+ connectSrc: ["'self'", "https://yggdrasil.azures.fr"],
+ imgSrc: ["'self'", "data:"],
+ },
+ }
+}))
 app.use(cors({ origin: "*" }))
 app.use(express.json())
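Review bot: In the new `scriptSrc` list, `'unsafe-inline'` allows any inline `<script>` that ends up in a served page to execute, so the policy gives little protection against script injection even though the other directives are fairly tight. Prefer `scriptSrc: ["'self'", "https://cdnjs.cloudflare.com"],` and move the inline scripts into files served from `'self'`; if some must stay inline, allow them with a per-response nonce or a hash rather than the blanket keyword. Listing the whole `https://cdnjs.cloudflare.com` host also permits every script hosted there, so narrowing the source to the library paths the pages actually load would shrink that surface. A short comment above `directives` saying which page needs each external origin (for example `// connectSrc: front-end calls the public API host`) would make later reviews of this list easier. This is top-level setup code that continues outside the hunk, so how the pages use inline scripts is not visible here.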