-use constant CONTENT_SECURITY_POLICY => q,default-src 'none'; script-src 'self' static.mindcoding.ro www.google-analytics.com; style-src 'self' static.mindcoding.ro; img-src 'self' static.mindcoding.ro www.google-analytics.com; connect-src 'self',;
+
+sub CONTENT_SECURITY_POLICY () {
+ my $csp = <<CSP;
+default-src 'none'
+connect-src 'self'
+form-action 'self'
+frame-ancestors 'none'
+img-src 'self' https://static.mindcoding.ro https://www.google-analytics.com/collect
+referrer origin-when-cross-origin
+script-src 'self' https://static.mindcoding.ro/js.js https://www.google-analytics.com/analytics.js
+style-src 'self' https://static.mindcoding.ro/css/
+CSP
+ chomp $csp;
+ $csp =~ s/\n/; /gr;
+}