From 2af22036b8e9b7f07297508e4dec0ed09500fc3a Mon Sep 17 00:00:00 2001
From: samsepi0l <contact@simpleprivacy.fr>
Date: Tue, 2 May 2023 09:39:34 +0200
Subject: [PATCH] Fix CSP for SOGo (#122)

Signed-off-by: samsepi0l <contact@simpleprivacy.fr>
---
 content/posts/linux/Slightly Improving Mailcow Security.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/posts/linux/Slightly Improving Mailcow Security.md b/content/posts/linux/Slightly Improving Mailcow Security.md
index 4f46a17..446774e 100644
--- a/content/posts/linux/Slightly Improving Mailcow Security.md	
+++ b/content/posts/linux/Slightly Improving Mailcow Security.md	
@@ -75,13 +75,13 @@ Use the following as your [Content Security Policy](https://developer.mozilla.or
 #### If you use Gravatar with SOGo
 
 ```
-add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
+add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com https://www.gravatar.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
 ```
 
 #### If you do not use Gravatar with SOGo
 
 ```
-add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com https://www.gravatar.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
+add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
 ```
 
 ### Cross-Origin Resource, Opener, and Embedder Policies