From e3f0cab34237ad9bfc4c189fe7c468109c5e97bf Mon Sep 17 00:00:00 2001
From: Eduard Tihomirov <tikhomirov@micord.ru>
Date: Fri, 24 Jan 2025 15:50:42 +0300
Subject: [PATCH] SUPPORT-8783: Fix

---
 config/nginx.conf.template | 2 +-
 html/index.html            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/nginx.conf.template b/config/nginx.conf.template
index 2adac2d..c5667a5 100644
--- a/config/nginx.conf.template
+++ b/config/nginx.conf.template
@@ -57,7 +57,7 @@ server {
         index index.html;
         expires -1;
 
-        add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
+        add_header Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; connect-src 'self' https; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:;";
 
 	    # Media: images, icons, video, audio, HTC
 	    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|ttf)$ {
diff --git a/html/index.html b/html/index.html
index c8a1569..67e8278 100644
--- a/html/index.html
+++ b/html/index.html
@@ -5,7 +5,7 @@
 		<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 		<meta name="viewport" content="width=device-width, initial-scale=1">
 		<meta http-equiv="Content-Security-Policy"
-			  content="default-src 'self'; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
+			  content="default-src 'self'; connect-src 'self' https; script-src 'self'; style-src 'unsafe-inline' 'self' data:; font-src 'self' data:; img-src 'self' data:"/>
 		<meta name="referrer" content="strict-origin-when-cross-origin"/>
 		<script src="script/cert-checker.js"></script>
 	</head>