-use constant ACCESSLOG_FORMAT => '%{X-Forwarded-For}i|%h %u "%r" %>s %b "%{Referer}i" "%{User-agent}i"';
-use constant CONTENT_SECURITY_POLICY => q,default-src 'none'; script-src 'self' www.google-analytics.com; style-src 'self'; img-src 'self' www.google-analytics.com; connect-src 'self',;
+use constant ACCESSLOG_FORMAT => '%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"';
+
+sub CONTENT_SECURITY_POLICY () {
+ my $csp = <<CSP;
+default-src 'none'
+connect-src 'self'
+form-action 'self'
+frame-ancestors 'none'
+img-src 'self' https://static.mindcoding.ro https://www.google-analytics.com/collect
+referrer origin-when-cross-origin
+script-src 'self' https://static.mindcoding.ro/js.js https://www.google-analytics.com/analytics.js
+style-src 'self' https://static.mindcoding.ro/css/
+CSP
+ chomp $csp;
+ $csp =~ s/\n/; /gr;
+}