diff --git a/app/index.html b/app/index.html
index d3aada9aed8..515ff83b267 100644
--- a/app/index.html
+++ b/app/index.html
@@ -13,7 +13,7 @@
-
+
diff --git a/app/styles/application.module.css b/app/styles/application.module.css
index 39ebc11d3b4..0a8037c1c41 100644
--- a/app/styles/application.module.css
+++ b/app/styles/application.module.css
@@ -6,8 +6,7 @@
--header-bg-color: var(--dark-green);
--footer-bg-color: var(--dark-green);
- /* Use the modern font stack inspired by Bootstrap 4 */
- --font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+ --font-family: "Fira Sans", sans-serif;
--main-color: #383838;
--main-color-light: #858585;
@@ -23,8 +22,6 @@
--header-bg-color: var(--violet);
--main-bg: white;
--footer-bg-color: var(--dark-grey);
-
- --font-family: "Fira Sans", sans-serif;
}
* {
diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index 70e9a91b26b..fa756b9de54 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -188,7 +188,7 @@ http {
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
- add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com; font-src https://fonts.gstatic.com; img-src *; object-src 'none'";
+ add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com https://code.cdn.mozilla.net; font-src https://code.cdn.mozilla.net; img-src *; object-src 'none'";
add_header Access-Control-Allow-Origin "*";
add_header Strict-Transport-Security "max-age=31536000" always;