From f12e502eb87089110f8e51ea9b80311d9c480291 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sun, 10 Mar 2024 16:46:33 +0100
Subject: [PATCH] Fix header

---
 app/Http/Middleware/SecureHeaders.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index 5c34953fdd..72bf8b11d6 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -50,12 +50,12 @@ class SecureHeaders
 $csp = [
 "default-src 'none'",
 "object-src 'none'",
- sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
+ sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'nonce-%1s'", $nonce),
 "style-src 'unsafe-inline' 'self'",
 "base-uri 'self'",
 "font-src 'self' data:",
 sprintf("connect-src 'self' %s", $trackingScriptSrc),
- sprintf("img-src 'strict-dynamic' 'self' %s", $trackingScriptSrc),
+ sprintf("img-src 'strict-dynamic' 'self' 'nonce-%1s'", $nonce),
 "manifest-src 'self'",
 ];
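Review bot: In the new `img-src` line, `'strict-dynamic'` and `'nonce-…'` are source expressions that browsers apply only to scripts (nonces also to styles), so they authorize no image load and the directive effectively reduces to `img-src 'self'`. Because the commit also drops `$trackingScriptSrc` from this directive, any image beacon served from the tracking host would presumably be blocked while `connect-src` still allows that host; if it is needed, `sprintf("img-src 'self' %s", $trackingScriptSrc),` expresses it, otherwise plain `"img-src 'self'",` states the policy without repeating the script nonce in a directive that ignores it. Separately, `%1s` in both changed lines is a minimum-width specifier rather than a positional argument, so `%s` says the same thing more clearly. The enclosing method begins and ends outside the hunk, so how `$nonce` and `$trackingScriptSrc` are built is not visible here.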