From 6f6b21e7c8d22e2104121a076d715de93e031ec1 Mon Sep 17 00:00:00 2001
From: elpatron <m.busche@gmail.com>
Date: Thu, 2 Oct 2025 15:45:01 +0200
Subject: [PATCH] Fix: Allow OpenStreetMap iframe in Content Security Policy

- Add frame-src directive to CSP for OpenStreetMap.org
- Fix Impressum map display issue in production
- Allow embedding of OpenStreetMap iframes while maintaining security
- Update Caddyfile CSP configuration
---
 Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Caddyfile b/Caddyfile
index b5000da..f99e246 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -17,7 +17,7 @@ stargirlnails.de {
         X-Content-Type-Options "nosniff"
         X-XSS-Protection "1; mode=block"
         Referrer-Policy "strict-origin-when-cross-origin"
-        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self';"
+        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self'; frame-src 'self' https://www.openstreetmap.org;"
         
         # HSTS (wird automatisch von Caddy gesetzt)
         Strict-Transport-Security "max-age=31536000; includeSubDomains"