fix(nginx): correct csp

nginx.conf

@@ -41,25 +41,24 @@ http {
         add_header X-XSS-Protection "1; mode=block";
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
-        add_header Referrer-Policy strict-origin-when-cross-origin;
         add_header X-Frame-Options sameorigin;
         add_header Report-To '{"group":"default","max_age":31536000,"endpoints":[{"url":"https://dargmuesli.report-uri.com/a/d/g"}],"include_subdomains":true}';
         add_header NEL '{"report_to":"default","max_age":31536000,"include_subdomains":true}';
         add_header Content-Security-Policy "
-            base-uri: 'none';
-            connect-src 'https://www.google-analytics.com';
+            base-uri 'none';
+            connect-src 'self' https://www.google-analytics.com;
             default-src 'none';
             font-src 'none';
-            form-action: 'none';
-            frame-ancestors: 'none';
+            form-action 'none';
+            frame-ancestors 'none';
             frame-src 'none';
             img-src 'self' https://www.google-analytics.com;
             manifest-src 'self';
             media-src 'self';
             object-src 'self';
             script-src 'self' https://static.cloudflareinsights.com/beacon.min.js https://www.google-analytics.com/analytics.js;
             style-src 'self';
-            report-to default;
+            report-uri https://dargmuesli.report-uri.com/r/d/csp/enforce;
         ";
 
         gzip on;