From 3d42e35ec292502daa042232d37be53a293117bf Mon Sep 17 00:00:00 2001
From: Ben Rog-Wilhelm
Date: Mon, 11 Sep 2023 02:53:40 -0500
Subject: [PATCH] Bring the CSP up to standard.

---
 files/routes/allroutes.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/files/routes/allroutes.py b/files/routes/allroutes.py
index 29ea95832..4063a3735 100644
--- a/files/routes/allroutes.py
+++ b/files/routes/allroutes.py
@@ -51,12 +51,12 @@ def teardown_request(error):
 
 @app.after_request
 def after_request(response: Response):
- response.headers.add("Content-Security-Policy", (
- " script-src: 'self' https://*.googletagmanager.com"
- " img-src: https://*.google-analytics.com https://*.googletagmanager.com"
- " connect-src: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com"
- " object-src: 'none'"
- ))
+ response.headers.add("Content-Security-Policy", ("""
+ script-src 'self' https://*.googletagmanager.com;
+ img-src https://*.google-analytics.com https://*.googletagmanager.com;
+ connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
+ object-src 'none';
+ """))
 response.headers.add("Strict-Transport-Security", "max-age=31536000")
 response.headers.add("X-Frame-Options", "deny")
 return response
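Review bot: The new triple-quoted value on the `+` lines puts newlines and leading indentation inside the Content-Security-Policy header value; if `response` is the Flask/Werkzeug Response, `Headers.add` rejects any value containing `\n` or `\r` (its header-injection guard) and this hook would raise on every request, and on a stack without that check the header would go out with folded lines that clients need not parse. Build the value from a tuple of directives joined with `"; "` instead, as below. Separately, `img-src` still lists only the Google hosts, so images served from the site's own origin would be blocked once the policy is enforced; unless that is intended, change it to `img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com`. There is also no `default-src`, so style, font, frame and other fetches stay unrestricted; a `default-src 'self'` fallback (and `frame-ancestors 'none'` to match the X-Frame-Options line) is worth considering in a follow-up.
```python
def after_request(response: Response):
    # One directive per entry; joined with "; " so the header value
    # stays on a single line (no embedded newlines).
    response.headers.add("Content-Security-Policy", "; ".join((
        "script-src 'self' https://*.googletagmanager.com",
        "img-src https://*.google-analytics.com https://*.googletagmanager.com",
        "connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com",
        "object-src 'none'",
    )))
    # … unchanged: Strict-Transport-Security, X-Frame-Options, return …
```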