From de3133bc9e5614791edac2bcbdfb36e1177f67a1 Mon Sep 17 00:00:00 2001
From: user0x42 <dev@u42.dev>
Date: Fri, 28 Feb 2025 06:15:36 +0100
Subject: [PATCH] Update config.toml

---
 config.toml | 86 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 45 insertions(+), 41 deletions(-)

diff --git a/config.toml b/config.toml
index 20db8da..ad16f80 100644
--- a/config.toml
+++ b/config.toml
@@ -124,47 +124,51 @@ show_backlinks = true
 # Whether to use Content Security Policy.
 # Keep in mind that although this can potentially increase security,
 # it can break some stuff, in which case you will need to set custom policy.
-csp = [
-    { directive = "font-src", domains = [
-        "'self'",
-    ] },
-    { directive = "img-src", domains = [
-        "'self'",
-        "https:",
-        "data:",
-    ] },
-    { directive = "media-src", domains = [
-        "'self'",
-        "https:",
-    ] },
-    { directive = "script-src", domains = [
-        "'self'",
-        "*.xsiz.eu",
-        "*.u42.dev",
-    ] },
-    { directive = "style-src", domains = [
-        "'self'",
-        "'unsafe-inline'",
-    ] },
-    { directive = "frame-src", domains = [
-        "https://player.vimeo.com",
-        "https://www.youtube-nocookie.com",
-        "https://toot.community",
-    ] },
-    { directive = "connect-src", domains = [
-        "https://toot.community",
-        "*.xsiz.eu",
-    ] },
-    { directive = "frame-ancestors", domains = [
-        "'none'",
-    ] },
-    { directive = "base-uri", domains = [
-        "'none'",
-    ] },
-    { directive = "form-action", domains = [
-        "'none'",
-    ] },
-]
+#csp = [
+#    { directive = "font-src", domains = [
+#        "'self'",
+#    ] },
+#    { directive = "img-src", domains = [
+#        "'self'",
+#        "https:",
+#        "data:",
+#    ] },
+#    { directive = "media-src", domains = [
+#        "'self'",
+#        "https:",
+#    ] },
+#    { directive = "script-src", domains = [
+#        "'self'",
+#        "*.xsiz.eu",
+#        "*.u42.dev",
+#        "sha256-pXhG/jrX7WBLvkalI68mDNdSUQllQLcbydWC546OFIs=",
+#    ] },
+#    { directive = "style-src", domains = [
+#        "'self'",
+#        "'unsafe-inline'",
+#    ] },
+#    { directive = "frame-src", domains = [
+#        "https://player.vimeo.com",
+#        "https://www.youtube-nocookie.com",
+#        "https://toot.community",
+#        "*u42.dev",
+#        "*.xsiz.eu",
+#    ] },
+#    { directive = "connect-src", domains = [
+#        "https://toot.community",
+#        "*.xsiz.eu",
+#        "*u42.dev",
+#    ] },
+#    { directive = "frame-ancestors", domains = [
+#        "'none'",
+#    ] },
+#    { directive = "base-uri", domains = [
+#        "'none'",
+#    ] },
+#    { directive = "form-action", domains = [
+#        "'none'",
+#    ] },
+#]
 
 [extra.nav]
 # Whether to automatically hide nav when not hovered or focused