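# Content-Security-Policy, built from one variable per directive so the final
# header stays readable. `set` is only valid in server/location/if context, so
# this snippet belongs inside a server {} or location {} block, not http {}.

# Hosts that serve the web-font *stylesheets* (the CSS, not the font files).
set $font_src1 "https://fonts.googleapis.com";
set $font_src2 "https://fonts.bunny.net";
set $style_src "'self' $font_src1 $font_src2";

# Hosts that serve the font *files* those stylesheets reference. Without a
# font-src directive the browser falls back to default-src 'self' and blocks
# them: Google Fonts CSS loads its fonts from fonts.gstatic.com, and Bunny
# Fonts serves them from the same host as its CSS.
set $font_src "'self' https://fonts.gstatic.com $font_src2";

# Replace ### with your own b-cdn.net subdomain before deploying. Keep this to
# the exact hostname (no wildcard): anything served from a host listed in
# script-src can run as script in the page's origin.
set $script_src "'self' https://###.b-cdn.net";

# data: allows inline base64-encoded images.
set $img_src "'self' data:";

# Combine the sources into the policy. Fetch directives that are not listed
# here (connect-src, object-src, frame-src, ...) fall back to default-src.
# NOTE(review): base-uri, form-action and frame-ancestors do NOT fall back to
# default-src and are unrestricted by this policy; consider adding them once
# the site's requirements are known.
set $csp "default-src 'self'; script-src $script_src; style-src $style_src; font-src $font_src; img-src $img_src;";

# Send the header on every response; `always` includes error responses.
# add_header is inherited from the enclosing level only when the current level
# defines no add_header of its own, so a location {} that adds any other
# header must repeat this line or it will be served without a CSP.
add_header Content-Security-Policy $csp always;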