From a6001ad2d9eb93147acecd2744a922686060ac61 Mon Sep 17 00:00:00 2001
From: Greg Skriloff <35093316+gskril@users.noreply.github.com>
Date: Fri, 8 Aug 2025 23:22:45 -0400
Subject: [PATCH 1/2] Fix CSP header
---
 src/public/_headers | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/public/_headers b/src/public/_headers
index e8effca6..f0a96ff3 100644
--- a/src/public/_headers
+++ b/src/public/_headers
@@ -1 +1,2 @@
-Content-Security-Policy: default-src 'self'; script-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src-elem 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; connect-src 'self' https://eth.merkle.io https://euc.li https://api.opensea.io https://ipfs.io https://docs.ens.domains; img-src 'self' data: blob: https://*.docs-bao.pages.dev https://euc.li https://api.opensea.io https://ipfs.io https://i.seadn.io; font-src 'self' https://*.docs-bao.pages.dev https://fonts.gstatic.com; object-src 'none';
+/*
+ Content-Security-Policy: default-src 'self'; script-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src-elem 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; connect-src 'self' https://eth.merkle.io https://euc.li https://api.opensea.io https://ipfs.io https://docs.ens.domains; img-src 'self' data: blob: https://*.docs-bao.pages.dev https://euc.li https://api.opensea.io https://ipfs.io https://i.seadn.io; font-src 'self' https://*.docs-bao.pages.dev https://fonts.gstatic.com; object-src 'none';
From bec829a308183273c0fa09757db8c6960eda89d7 Mon Sep 17 00:00:00 2001
From: Greg Skriloff <35093316+gskril@users.noreply.github.com>
Date: Fri, 8 Aug 2025 23:31:58 -0400
Subject: [PATCH 2/2] Update google fonts policy
---
 src/public/_headers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/public/_headers b/src/public/_headers
index f0a96ff3..b58c3666 100644
--- a/src/public/_headers
+++ b/src/public/_headers
@@ -1,2 +1,2 @@
 /*
- Content-Security-Policy: default-src 'self'; script-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src-elem 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; connect-src 'self' https://eth.merkle.io https://euc.li https://api.opensea.io https://ipfs.io https://docs.ens.domains; img-src 'self' data: blob: https://*.docs-bao.pages.dev https://euc.li https://api.opensea.io https://ipfs.io https://i.seadn.io; font-src 'self' https://*.docs-bao.pages.dev https://fonts.gstatic.com; object-src 'none';
+ Content-Security-Policy: default-src 'self'; script-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src 'self' https://docs.ens.domains https://*.docs-bao.pages.dev https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' https://docs.ens.domains https://*.docs-bao.pages.dev 'unsafe-inline'; style-src-elem 'self' https://docs.ens.domains https://*.docs-bao.pages.dev https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://eth.merkle.io https://euc.li https://api.opensea.io https://ipfs.io https://docs.ens.domains; img-src 'self' data: blob: https://*.docs-bao.pages.dev https://euc.li https://api.opensea.io https://ipfs.io https://i.seadn.io; font-src 'self' https://*.docs-bao.pages.dev https://fonts.gstatic.com; object-src 'none';
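Review bot: The policy on the added line still lists `'unsafe-inline'` in `script-src`, so it does not stop an injected inline script. It also sets no `base-uri`, `form-action` or `frame-ancestors`, none of which fall back to `default-src`. If the inline scripts are fixed build output, listing their hashes would let `'unsafe-inline'` be dropped. Appending `base-uri 'self'; form-action 'self'; frame-ancestors 'self';` is a small addition, assuming the docs are not meant to be framed or posted to from other origins. On the change itself, `style-src-elem` is now identical to `style-src` and host sources have no effect in `style-src-attr`, so keeping only `style-src` would give the same result and remove the duplicated lists that drifted apart here; the same policy line is added in patch 1/2's hunk.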