Whonix website security rating - "B" (Mozilla Observatory) - Content Security Policy (CSP)

CSP issue. Not reasonable to work on this. Reasoning here:

Applicable chapters:


CSP simplification.

Reason for simplification: Website breaks in corner cases and the more complex CSP also does not provide higher security. It’s just more complex. Website and Server Tests scores are unchanged.

Old:

content-security-policy: default-src 'none'; connect-src 'self'; script-src 'self' https://*.whonix.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.whonix.org 'unsafe-inline'; img-src 'self' data: https://*.whonix.org; font-src 'self' https://*.whonix.org;

New:

content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval';
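What actually changes between the two headers is easiest to see by evaluating sample loads against each policy. The block below is an added example, not Whonix code and not part of this thread: a small CSP evaluator in JavaScript (Node) that understands 'none', 'self', 'unsafe-inline', 'unsafe-eval', scheme sources such as data: and leading-wildcard host sources, then lists every sample request on which the old and new policy disagree. The page origin https://www.whonix.org and the sample requests are constructed; the wildcard host source https://*.whonix.org is an assumption (the forum's markdown rendering swallowed the asterisk). Nonces, hashes, 'strict-dynamic', ports and paths are deliberately not modelled.

```javascript
// Added example: minimal CSP fetch-directive evaluator used to diff two policies.
// Not Whonix code. Subset of CSP Level 3 matching, enough for the headers above.

// Directives that fall back to default-src when absent. (child-src/worker-src
// fallback chains are simplified to default-src directly.)
const FETCH_DIRECTIVES = new Set([
  'script-src', 'style-src', 'img-src', 'font-src', 'connect-src', 'media-src',
  'object-src', 'frame-src', 'child-src', 'worker-src', 'manifest-src',
]);

// Parse "a b c; d e" into { a: ['b', 'c'], d: ['e'] }. Curly quotes, as produced
// by forum rendering, are normalised to ASCII so a pasted header still parses.
function parseCsp(header) {
  const policy = {};
  for (const part of header.replace(/[\u2018\u2019]/g, "'").split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources.map((s) => s.toLowerCase());
  }
  return policy;
}

// Host-source match: "*.whonix.org" matches any proper subdomain, else exact host.
function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // ".whonix.org"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// Does one source expression permit fetching `url` from a page at `pageOrigin`?
function sourceAllows(source, url, pageOrigin) {
  const u = new URL(url);
  if (source === "'self'") return u.origin === pageOrigin; // data: has origin "null"
  if (source.endsWith(':')) return u.protocol === source;   // scheme source: data:, https:
  if (source.startsWith("'")) return false;                 // other keywords never match URLs
  const [scheme, hostPattern] = source.includes('://') ? source.split('://') : [null, source];
  if (scheme && u.protocol !== scheme + ':') return false;
  return hostMatches(hostPattern, u.hostname);
}

// Effective source list for a directive, honouring the default-src fallback.
// null means the policy imposes no restriction at all for this directive.
function directiveFor(policy, directive) {
  if (policy[directive]) return policy[directive];
  if (FETCH_DIRECTIVES.has(directive) && policy['default-src']) return policy['default-src'];
  return null;
}

// request: { directive, url } for a fetch, or { directive, inline: true } / { directive, eval: true }.
function allows(policy, request, pageOrigin) {
  const sources = directiveFor(policy, request.directive);
  if (sources === null) return true;
  if (sources.length === 1 && sources[0] === "'none'") return false; // 'none' only counts alone
  if (request.inline) return sources.includes("'unsafe-inline'");
  if (request.eval) return sources.includes("'unsafe-eval'");
  return sources.some((s) => sourceAllows(s, request.url, pageOrigin));
}

// Evaluate every sample against both policies; return only the disagreements.
function diffPolicies(oldHeader, newHeader, requests, pageOrigin) {
  const before = parseCsp(oldHeader);
  const after = parseCsp(newHeader);
  return requests
    .map((r) => ({ ...r, before: allows(before, r, pageOrigin), after: allows(after, r, pageOrigin) }))
    .filter((r) => r.before !== r.after);
}

// The two headers from the post (asterisk restored; assumption, see lead-in).
const OLD_CSP = "default-src 'none'; connect-src 'self'; script-src 'self' https://*.whonix.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.whonix.org 'unsafe-inline'; img-src 'self' data: https://*.whonix.org; font-src 'self' https://*.whonix.org;";
const NEW_CSP = "default-src 'self' 'unsafe-inline' 'unsafe-eval';";
const PAGE_ORIGIN = 'https://www.whonix.org'; // constructed page origin

// Constructed sample loads covering the cases where the policies might differ.
const SAMPLES = [
  { label: 'inline <script>',          directive: 'script-src', inline: true },
  { label: 'eval()',                   directive: 'script-src', eval: true },
  { label: 'same-origin script',       directive: 'script-src', url: 'https://www.whonix.org/app.js' },
  { label: 'subdomain script',         directive: 'script-src', url: 'https://forums.whonix.org/x.js' },
  { label: 'third-party script',       directive: 'script-src', url: 'https://evil.example/x.js' },
  { label: 'data: image',              directive: 'img-src',    url: 'data:image/png;base64,AAAA' },
  { label: 'same-origin iframe',       directive: 'frame-src',  url: 'https://www.whonix.org/embed' },
  { label: 'same-origin plugin object',directive: 'object-src', url: 'https://www.whonix.org/p.swf' },
  { label: 'same-origin fetch',        directive: 'connect-src',url: 'https://www.whonix.org/api' },
];

for (const d of diffPolicies(OLD_CSP, NEW_CSP, SAMPLES, PAGE_ORIGIN)) {
  console.log(`${d.label}: old=${d.before} new=${d.after}`);
}
```

Run with node. For the two headers quoted above it reports four differences: the new policy no longer allows scripts, styles, fonts or images from other *.whonix.org hosts or data: images, and newly allows same-origin frames, objects and media, which the old default-src 'none' blocked. The part that matters against script injection is unchanged: both policies permit inline scripts and eval(), which is consistent with the unchanged Observatory score.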