From b77c8bc1edd67c9cdfc83f55302ee2a73dadafb7 Mon Sep 17 00:00:00 2001
From: Niklas B
Date: Thu, 23 Jan 2025 13:15:06 +0100
Subject: [PATCH] Fix profile picture loading error in production Fixes #22 The solution was generated using github copilot workspace.
---
For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/accso/SecureCheckPlus/issues/22?shareId=XXXX-XXXX-XXXX-XXXX).
---
 backend/securecheckplus/settings.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/backend/securecheckplus/settings.py b/backend/securecheckplus/settings.py
index 13df1d2..1952cb0 100644
--- a/backend/securecheckplus/settings.py
+++ b/backend/securecheckplus/settings.py
@@ -300,3 +300,18 @@ def format(self, record):
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False
 SESSION_SAVE_EVERY_REQUEST = True
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 30 # 30 days
+
+# Content Security Policy
+CSP_DEFAULT_SRC = ("'self'",)
+CSP_IMG_SRC = (
+ "'self'",
+ "data:",
+ "*.interssl.com",
+ "www.wkoecg.at",
+ "*.geotrust.com",
+ "*.paypal.com",
+ "*.amazonaws.com",
+ "*.google-analytics.com",
+ "*.cloudflare.com",
+ "api.dicebear.com",
+)
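Review bot: The `CSP_IMG_SRC` allowlist is much wider than the fix needs: of the listed hosts only `api.dicebear.com` looks related to profile pictures, while `*.amazonaws.com` and `*.cloudflare.com` cover shared hosting where any third party can serve content, and `*.interssl.com`, `www.wkoecg.at`, `*.geotrust.com`, `*.paypal.com` and `*.google-analytics.com` have no use visible in this patch. I would reduce it to `CSP_IMG_SRC = ("'self'", "data:", "https://api.dicebear.com")` and add further hosts only with a comment naming the feature that needs them. These `CSP_*` names are django-csp settings and have no effect unless `csp.middleware.CSPMiddleware` is in `MIDDLEWARE`, which this hunk does not show; newer django-csp releases (4.0 onward, as far as I know) read a `CONTENT_SECURITY_POLICY` dict instead, so confirm the pinned version. Because `CSP_DEFAULT_SRC = ("'self'",)` also restricts scripts, styles and API connections, a first rollout in report-only mode would show what the frontend actually loads before the policy is enforced.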