From 9cda8e3000e1b5520ca3fcf459c83ff3dc312c1f Mon Sep 17 00:00:00 2001
From: Alex Gleason
Date: Mon, 11 Sep 2023 04:07:54 -0500
Subject: [PATCH] csp: use template literals to avoid escaping single quotes

---
 src/middleware/csp.ts | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/middleware/csp.ts b/src/middleware/csp.ts
index 6f5c3a8..f97fc9a 100644
--- a/src/middleware/csp.ts
+++ b/src/middleware/csp.ts
@@ -8,17 +8,17 @@ const csp = (): AppMiddleware => {
 
 const policies = [
 'upgrade-insecure-requests',
- 'script-src \'self\'',
+ `script-src 'self'`,
 `connect-src 'self' blob: ${Conf.localDomain} ${wsProtocol}//${host}`,
 `media-src 'self' ${Conf.mediaDomain}`,
 `img-src 'self' data: blob: ${Conf.mediaDomain}`,
- 'default-src \'none\'',
- 'base-uri \'self\'',
- 'frame-ancestors \'none\'',
- 'style-src \'self\' \'unsafe-inline\'',
- 'font-src \'self\'',
- 'manifest-src \'self\'',
- 'frame-src \'self\' https:',
+ `default-src 'none'`,
+ `base-uri 'self'`,
+ `frame-ancestors 'none'`,
+ `style-src 'self' 'unsafe-inline'`,
+ `font-src 'self'`,
+ `manifest-src 'self'`,
+ `frame-src 'self' https:`,
 ];
 
 c.res.headers.set('content-security-policy', policies.join('; '));
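Review bot: The two widest allowances in this policy, `style-src 'self' 'unsafe-inline'` and `frame-src 'self' https:`, are rewritten here but still carry no explanation, while every other fetch directive is either pinned to named sources or falls back to `default-src 'none'`. A short comment above each entry would record that the allowance is deliberate, for example `// inline styles are allowed because <reason>; scripts stay restricted to 'self'` and `// any https origin may be framed because <reason>`. Separately, the context lines interpolate `Conf.localDomain`, `Conf.mediaDomain` and `host` straight into the header value before the `'; '` join, so it is worth confirming where `Conf` is defined (outside this hunk) that those values cannot contain whitespace or semicolons, which would add extra sources or directives. The enclosing middleware starts and ends outside the hunk.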