From af318310f420fa4c9a06dfa28a5bbd4255c70340 Mon Sep 17 00:00:00 2001
From: Serreau Jovann <jovann@siteconseil.fr>
Date: Thu, 25 Dec 2025 00:18:00 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat(ansible/caddy):=20Met=20=C3=A0?=
 =?UTF-8?q?=20jour=20la=20politique=20de=20s=C3=A9curit=C3=A9=20de=20conte?=
 =?UTF-8?q?nu=20pour=20autoriser=20Cloudflare=20Challenges.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ansible/templates/caddy.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/templates/caddy.j2 b/ansible/templates/caddy.j2
index 2c6291e..b36efc7 100644
--- a/ansible/templates/caddy.j2
+++ b/ansible/templates/caddy.j2
@@ -20,7 +20,7 @@ www.e-cosplay.fr {
     header {
         -X-Robots-Tag
         Permissions-Policy "accelerometer=(), autoplay=(), encrypted-media=(), geolocation=(), gyroscope=(), magnetometer=(), midi=(), payment=(), publickey-credentials-get=(), usb=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), gamepad=()"
-        Content-Security-Policy "base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://sentry.esy-web.dev https://www.e-cosplay.fr https://datas.e-cosplay.fr https://app.chatwoot.com https://*.cloudflareinsights.com https://storage.googleapis.com https://*.trustpilot.com https://climate.stripe.com; font-src 'self' https://fonts.gstatic.com;connect-src https://*.e-cosplay.fr https://*.cloudflareinsights.com https://fonts.googleapis.com https://widget.trustpilot.com/ https://challenges.cloudflare.com https://app.chatwoot.com; frame-src 'self' https://*.trustpilot.com https://app.chatwoot.com https://climate.stripe.com; worker-src 'self' blob:;"
+        Content-Security-Policy "base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://challenges.cloudflare.com https://sentry.esy-web.dev https://www.e-cosplay.fr https://datas.e-cosplay.fr https://app.chatwoot.com https://*.cloudflareinsights.com https://storage.googleapis.com https://*.trustpilot.com https://climate.stripe.com; font-src 'self' https://fonts.gstatic.com;connect-src https://*.e-cosplay.fr https://*.cloudflareinsights.com https://fonts.googleapis.com https://widget.trustpilot.com/ https://challenges.cloudflare.com https://app.chatwoot.com; frame-src 'self' https://*.trustpilot.com https://app.chatwoot.com https://climate.stripe.com; worker-src 'self' blob:;"
         Cross-Origin-Embedder-Policy ""
         Cross-Origin-Opener-Policy ""
         Cross-Origin-Resource-Policy ""