From 6c1ad982a1eceb6859f8a9d9e1ec10f6ba9bac3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Sch=C3=A4fer?=
Date: Mon, 25 Nov 2024 18:58:44 +0100
Subject: [PATCH] website/docs: Fix CSP syntax (#12124)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix CSP syntax Scheme sources need to not have quotes https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#scheme-source
Signed-off-by: Felix Schäfer
---
 website/docs/security/security-hardening.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/docs/security/security-hardening.md b/website/docs/security/security-hardening.md
index 6279c4f5636c..0177e740aa3c 100644
--- a/website/docs/security/security-hardening.md
+++ b/website/docs/security/security-hardening.md
@@ -64,7 +64,7 @@ authentik requires at least the following allowed locations:
 ```
 default-src 'self';
-img-src 'https:' 'http:' 'data:';
+img-src https: http: data:;
 object-src 'none';
 style-src 'self' 'unsafe-inline'; # Required due to Lit/ShadowDOM
 script-src 'self' 'unsafe-inline'; # Required for generated scripts