From 438997161312c8bc8995ca546e68e9d8b9076184 Mon Sep 17 00:00:00 2001
From: Joseph Milazzo <josephmajora@gmail.com>
Date: Thu, 11 Aug 2022 20:52:48 -0500
Subject: [PATCH] Relaxed CSP and undid the wwwroot copy again (#1428)

---
 API/Startup.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/API/Startup.cs b/API/Startup.cs
index e71520dbc..31342e7d9 100644
--- a/API/Startup.cs
+++ b/API/Startup.cs
@@ -273,7 +273,7 @@ namespace API
                 context.Response.Headers.XFrameOptions = "SAMEORIGIN";
 
                 // Setup CSP to ensure we load assets only from these origins
-                context.Response.Headers.Add("Content-Security-Policy", "default-src 'self' frame-ancestors 'none';");
+                context.Response.Headers.Add("Content-Security-Policy", "frame-ancestors 'none';");
 
                 await next();
             });