From a588d39d727ef55deead082f94d91fca3154eeaa Mon Sep 17 00:00:00 2001
From: Ronni Skansing
Date: Sat, 6 Jun 2026 20:44:15 +0200
Subject: [PATCH] fix disable CSP too restrictive for editor previews
Signed-off-by: Ronni Skansing
---
 backend/middleware/securityHeaders.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/middleware/securityHeaders.go b/backend/middleware/securityHeaders.go
index 084f5b3..3a27357 100644
--- a/backend/middleware/securityHeaders.go
+++ b/backend/middleware/securityHeaders.go
@@ -4,7 +4,8 @@ import "github.com/gin-gonic/gin"
 func SecurityHeaders() gin.HandlerFunc {
 return func(c *gin.Context) {
- c.Header("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'self'; frame-src data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';")
+ // too many issues with previewing resources
+ // c.Header("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'self'; frame-src data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';")
 c.Header("X-Content-Type-Options", "nosniff")
 c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
 c.Header("Permissions-Policy", "camera=(), microphone=(), geolocation=(), payment=()")
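Review bot: Commenting out the Content-Security-Policy line drops every directive at once, including `frame-ancestors 'none'`, `object-src 'none'`, `base-uri 'self'` and `form-action 'self'`, which have nothing to do with loading preview resources; judging by the directives in the removed policy, only the source-list ones (img-src, frame-src, connect-src, font-src and the like) are plausibly what the editor previews trip over, though the commit message does not say which. A narrower fix keeps the directives that previews cannot be affected by, e.g. `c.Header("Content-Security-Policy", "frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'")`, and widens the preview-breaking source lists once they are identified, for which serving the original policy under `Content-Security-Policy-Report-Only` would surface the exact violations without blocking anything. The commented-out header should also be removed or replaced by a one-line comment naming the tracking issue, since a dead policy string in the code quickly diverges from what is actually served. The enclosing handler closes outside the hunk.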