add_header  "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net 'self' aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline'; img-src foundation.aninix.net 'self' aninix.net; font-src data: 'self' aninix.net foundation.aninix.net; connect-src mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' aninix.net foundation.aninix.net; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'none'; ";
# Gitea requires unsafe-inline style sources for label colors
# TT-RSS requires unsafe-inline/unsafe-eval for its javascript dojo.js integrations.