From 855f7b5f94230ec29e2b54346325881d0933d214 Mon Sep 17 00:00:00 2001
From: Conor Holden
Date: Mon, 23 Sep 2024 16:44:11 +0200
Subject: [PATCH] :sparkles:[#46] remove CDN links
---
open_api_framework/conf/base.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/open_api_framework/conf/base.py b/open_api_framework/conf/base.py
index 108ab2a..ce2e45f 100644
--- a/open_api_framework/conf/base.py
+++ b/open_api_framework/conf/base.py
@@ -999,7 +999,7 @@ def init_sentry(before_send: Callable | None = None):
CSP_IMG_SRC = ( CSP_DEFAULT_SRC - + ["data:", "cdn.redoc.ly", "cdn.jsdelivr.net"] # used by DRF spectacular + + ["data:"] # used by DRF spectacular + config( "CSP_EXTRA_IMG_SRC", default=[],
@@ -1028,6 +1028,7 @@ def init_sentry(before_send: Callable | None = None):
CSP_SCRIPT_SRC = CSP_DEFAULT_SRC + ["'unsafe-inline'"] CSP_FONT_SRC = ("'self'", "fonts.gstatic.com") CSP_WORKER_SRC = ("'self'", "blob:") +CSP_CONNECT_SRC = CSP_DEFAULT_SRC + ["raw.githubusercontent.com"] # firefox does not get the nonce from default-src, see # https://stackoverflow.com/a/63376012
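Review bot: The added `CSP_CONNECT_SRC` line in the second hunk (`@@ -1028,6 +1028,7 @@`) allows `raw.githubusercontent.com` as a whole host, and that host serves files from any public repository, not only the one this project needs. The context line above it shows `CSP_SCRIPT_SRC` still carrying `'unsafe-inline'`, so connect-src is one of the few directives left that limits what a script running in the page can contact. It is worth narrowing the source to the path actually fetched, e.g. `CSP_CONNECT_SRC = CSP_DEFAULT_SRC + ["raw.githubusercontent.com/<org>/<repo>/"]` (placeholder path; the real one is not visible in this patch). The line also has no comment naming the component that needs the host, unlike the `# used by DRF spectacular` note on `CSP_IMG_SRC`, and no `config(...)` extension point like `CSP_EXTRA_IMG_SRC`. A one-line comment such as `# <component> fetches <resource> from GitHub` would let a later reviewer judge whether the entry can be dropped.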