From 03c690b00b2b28541eedd57f30a2a7ab98fd1dab Mon Sep 17 00:00:00 2001
From: hirenshah <418112+hirenshah@users.noreply.github.com>
Date: Sun, 17 Jan 2021 17:13:38 +0000
Subject: [PATCH] docs: Update LE/NGINX to remove CSP [skip ci]
---
 docs/extending-overseerr/reverse-proxy-examples.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/extending-overseerr/reverse-proxy-examples.md b/docs/extending-overseerr/reverse-proxy-examples.md
index b69e95040..790efab67 100644
--- a/docs/extending-overseerr/reverse-proxy-examples.md
+++ b/docs/extending-overseerr/reverse-proxy-examples.md
@@ -112,8 +112,8 @@ server {
 add_header Referrer-Policy "no-referrer";
 # HTTP Strict Transport Security
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
- # Reduce XSS risks (Content-Security-Policy)
- add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://secure.gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always;
+ # Reduce XSS risks (Content-Security-Policy) - uncomment to use and add URLs whenever necessary
+ # add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always;
 # Prevent some categories of XSS attacks (X-XSS-Protection)
 add_header X-XSS-Protection "1; mode=block" always;
 # Provide clickjacking protection (X-Frame-Options)
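Review bot: Uncommenting the new `# add_header Content-Security-Policy ...` line does not restore the policy this commit removes, because the `img-src` list on the new side reads `https://gravatar.com` where the removed line had `https://secure.gravatar.com`; the commit message does not mention that host change, so it looks accidental and should either be reverted or called out in the comment. With the CSP commented out, the only XSS-related header left in the example is `X-XSS-Protection`, which current browsers largely ignore, so the sample config now ships with no script-source restriction at all. Rather than an all-or-nothing comment, I would keep the policy active but non-blocking by default, `add_header Content-Security-Policy-Report-Only "default-src 'self'; connect-src 'self' https://plex.tv; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css; script-src 'self'; img-src 'self' data: https://plex.tv https://assets.plex.tv https://secure.gravatar.com https://i2.wp.com https://image.tmdb.org; font-src 'self' https://rsms.me/inter/font-files/" always;`, with the comment changed to `# Reduce XSS risks (Content-Security-Policy) - report-only; add any URLs flagged in the browser console, then rename the header to Content-Security-Policy to enforce`, so operators discover the URLs they need to add before enforcing instead of running with nothing. The enclosing `server {` block starts and ends outside the hunk.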