From e06c8601b3fd036c85acfb585147d6a5b6df31a5 Mon Sep 17 00:00:00 2001
From: Howard Wu <junghao@gmail.com>
Date: Fri, 8 Aug 2025 13:45:09 +1200
Subject: [PATCH] feat: Adding LINZ server in CSP

---
 weft/handlers.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/weft/handlers.go b/weft/handlers.go
index 7eb3aec..0738451 100644
--- a/weft/handlers.go
+++ b/weft/handlers.go
@@ -59,11 +59,11 @@ var compressibleMimes = map[string]bool{
 
 var defaultCsp = map[string]string{
 	"default-src":     "'none'",
-	"img-src":         "'self' *.geonet.org.nz data: https://*.google-analytics.com https://*.googletagmanager.com",
-	"font-src":        "'self' https://fonts.gstatic.com",
-	"style-src":       "'self'",
+	"img-src":         "'self' *.geonet.org.nz data: https://*.google-analytics.com https://*.googletagmanager.com https://basemaps.linz.govt.nz",
+	"font-src":        "'self' https://fonts.gstatic.com https://basemaps.linz.govt.nz",
+	"style-src":       "'self' blob:",
 	"script-src":      "'self'",
-	"connect-src":     "'self' https://*.geonet.org.nz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com",
+	"connect-src":     "'self' blob: https://*.geonet.org.nz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://basemaps.linz.govt.nz",
 	"frame-src":       "'self' https://www.youtube.com https://www.google.com",
 	"form-action":     "'self' https://*.geonet.org.nz",
 	"base-uri":        "'none'",