From f6d3b8a551f98e8e0acbb86318d2d799deb3cf89 Mon Sep 17 00:00:00 2001
From: Matiss Jurevics <matissjurevics@gmail.com>
Date: Wed, 28 Jan 2026 11:15:00 +0000
Subject: [PATCH] fix(sim): allow jsdelivr script under helmet CSP

---
 Backend/index.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/Backend/index.ts b/Backend/index.ts
index d5fe396..7c87acc 100644
--- a/Backend/index.ts
+++ b/Backend/index.ts
@@ -43,7 +43,15 @@ app.use('/docs', swaggerUi.serve, swaggerUi.setup(openApiDocument));
 
 app.all('/api/auth/*splat', toNodeHandler(auth));
 
-app.use(helmet());
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        scriptSrc: ["'self'", 'https://cdn.jsdelivr.net'],
+      },
+    },
+  }),
+);
 app.use(
   cors({
     origin: trustedOrigins.length > 0 ? trustedOrigins : true,