From 5d782fa70eb7c0db1d463cc20cd7a16b25b6a3e8 Mon Sep 17 00:00:00 2001
From: Ollama <ollama@steganos.dev>
Date: Wed, 15 Apr 2026 12:05:29 +0000
Subject: [PATCH] feat: Enable Content Security Policy (CSP)

- Enable $CSPEnabled = true in app/Config/App.php
- CSP directives already configured in ContentSecurityPolicy.php
- Includes support for CSP 3 keywords and directives

Closes #4488
---
 app/Config/App.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Config/App.php b/app/Config/App.php
index db4b0a876..8af293069 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -278,7 +278,7 @@ class App extends BaseConfig
      * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
      * @see http://www.w3.org/TR/CSP/
      */
-    public bool $CSPEnabled = false;
+    public bool $CSPEnabled = true;
 
     public function __construct()
     {