Update CSP to allow connections from cdnjs.cloudflare.com and enhance stat card styles with icons and improved layout

2026-03-03 10:15:08 +01:00
parent 51c0755d67
commit 85778855ca
2 changed files with 68 additions and 19 deletions
--- a/backend/app.py
+++ b/backend/app.py
@@ -95,7 +95,7 @@ def create_app():
        'style-src':    ["'self'", "'unsafe-inline'"],         # inline styles in templates (aanvaardbaar)
        'img-src':      ["'self'", 'data:'],
        'font-src':     ["'self'"],
-        'connect-src':  ["'self'"],
+        'connect-src':  ["'self'", 'cdnjs.cloudflare.com'],
        'form-action':  ["'self'"],                             # voorkomt form hijacking
        'base-uri':     ["'self'"],                             # voorkomt base tag injection
        'frame-ancestors': ["'none'"],                          # clickjacking preventie