From d723404f75ac20ed980467b239b9d494131fbc99 Mon Sep 17 00:00:00 2001
From: Aetherinox <aetherinox@proton.me>
Date: Sun, 10 Mar 2024 06:42:45 -0700
Subject: [PATCH] fix: Content Security Policy in Obsidian console

Fixed an error occurring with Opengist loading content due to a Content Security Policy violation
---
 src/backend/backend.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/backend.ts b/src/backend/backend.ts
index c441a7bf..25a50a81 100644
--- a/src/backend/backend.ts
+++ b/src/backend/backend.ts
@@ -151,7 +151,7 @@ export class GistrBackend
             policy directive error if certain attributes arent used. doesnt affect the plugin, but erors are bad
         */
 
-        ct_iframe.setAttribute  ( 'csp', "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' ${host} ;" )
+        ct_iframe.setAttribute  ( 'csp', "default-src * self blob: data: gap:; font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:;" )
 
         /*
             assign css, body, js