updated default source to test image font and websocket connect policies

include/security/apicontentsecurity.conf

@@ -6,7 +6,8 @@
 #     frame-src 'self' data: chrome-extension-resource:;
 #     font-src 'self' data: chrome-extension-resource:;
 #     media-src * data: blob: filesystem:;
-add_header Content-Security-Policy 'default-src \'self\'; script-src * \'self\' \'unsafe-inline\'; style-src * \'self\' \'unsafe-inline\'; upgrade-insecure-requests;' always;
+#add_header Content-Security-Policy 'default-src \'self\'; img-src *; font-src *; connect-src *; script-src * \'self\' \'unsafe-inline\'; style-src * \'self\' \'unsafe-inline\'; upgrade-insecure-requests;' always;
+add_header Content-Security-Policy 'default-src * \'self\'; script-src * \'self\' \'unsafe-inline\'; style-src * \'self\' \'unsafe-inline\'; upgrade-insecure-requests;' always;
 
 add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Content-Type-Options "nosniff" always;