From 0eaeae99aa9f291c9e9e9a0bbd8f565423940662 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Thu, 21 May 2026 19:13:33 +0300
Subject: [PATCH] Deploy: 2026-05-21 19:13:33

---
 backend/app/Middlewares/SecurityMiddleware.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/app/Middlewares/SecurityMiddleware.php b/backend/app/Middlewares/SecurityMiddleware.php
index e2728c2..abbae10 100644
--- a/backend/app/Middlewares/SecurityMiddleware.php
+++ b/backend/app/Middlewares/SecurityMiddleware.php
@@ -18,7 +18,7 @@ class SecurityMiddleware
 $response->setHeader('X-XSS-Protection', '1; mode=block'); // Prevent Cross-Site Scripting (XSS)
 $response->setHeader('X-Content-Type-Options', 'nosniff'); // Prevent MIME-sniffing
 $response->setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'); // HSTS
- $response->setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none';"); // CSP
+ $response->setHeader('Content-Security-Policy', "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; object-src 'none';"); // CSP
 
 // 2. Input Sanitization to prevent XSS (Recursive)
 $body = $request->getBody();
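Review bot: Adding `'unsafe-inline'` to `script-src` on the new `Content-Security-Policy` line, next to the `'unsafe-eval'` already present, means the policy no longer constrains which scripts may run in the page, so the `// CSP` directive stops doing the XSS-mitigation job the surrounding headers and the "Input Sanitization to prevent XSS" step below are meant to provide. If an inline script genuinely needs to be allowed, the compatible route is a per-request nonce or a hash of the specific script, e.g. `script-src 'self' 'nonce-<PER_REQUEST_NONCE>' https://unpkg.com https://cdnjs.cloudflare.com`, with the same nonce emitted on the `<script>` tag; browsers that honour a nonce ignore `'unsafe-inline'`, so the two can even coexist during a migration. If the relaxation has to stay for now, the line deserves a comment naming the inline script that forces it and a follow-up to remove it, since the deploy-style commit message gives no rationale. The enclosing method of `SecurityMiddleware` starts and ends outside this hunk, so where the nonce would be generated is not visible here.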