diff --git a/files/helpers/const.py b/files/helpers/const.py
index 535d6ca4f..d633e1bd8 100644
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@@ -42,11 +42,6 @@ FP = environ.get("FP", "").strip()
 KOFI_TOKEN = environ.get("KOFI_TOKEN", "").strip()
 KOFI_LINK = environ.get("KOFI_LINK", "").strip()
-PUSHER_ID_CSP = ""
-if PUSHER_ID != DEFAULT_CONFIG_VALUE:
-PUSHER_ID_CSP = f" {PUSHER_ID}.pushnotifications.pusher.com"
-CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline' challenges.cloudflare.com; connect-src 'self'; object-src 'none';"
-CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io{PUSHER_ID_CSP}; object-src 'none';"
 CLOUDFLARE_COOKIE_VALUE = "yes." # remember to change this in CloudFlare too
diff --git a/files/routes/jinja2.py b/files/routes/jinja2.py
index fd16d3ae6..09b3b66a1 100644
--- a/files/routes/jinja2.py
+++ b/files/routes/jinja2.py
@@ -59,8 +59,6 @@ def inject_constants():
 "site_settings":get_settings(), "EMAIL":EMAIL, "calc_users":calc_users, "max": max, "min": min, "user_can_see":User.can_see, "TELEGRAM_LINK":TELEGRAM_LINK, "EMAIL_REGEX_PATTERN":EMAIL_REGEX_PATTERN,
-"CONTENT_SECURITY_POLICY_DEFAULT":CONTENT_SECURITY_POLICY_DEFAULT,
-"CONTENT_SECURITY_POLICY_HOME":CONTENT_SECURITY_POLICY_HOME,
 "TRUESCORE_DONATE_MINIMUM":TRUESCORE_DONATE_MINIMUM, "DONATE_LINK":DONATE_LINK, "DONATE_SERVICE":DONATE_SERVICE, "BAN_EVASION_DOMAIN":BAN_EVASION_DOMAIN, "HOUSE_JOIN_COST":HOUSE_JOIN_COST, "HOUSE_SWITCH_COST":HOUSE_SWITCH_COST, "IMAGE_FORMATS":IMAGE_FORMATS,
diff --git a/files/templates/chat.html b/files/templates/chat.html
index be056f0cd..fb169a267 100644
--- a/files/templates/chat.html
+++ b/files/templates/chat.html
@@ -1,9 +1,4 @@
 {%- extends 'root.html' -%}
-{% if IS_LOCALHOST %}
- {% set csp="script-src 'self' 'unsafe-inline' rdrama.net; connect-src 'self'; object-src 'none';" %}
-{% else %}
- {% set csp=none %}
-{% endif %}
 {% block pagetitle %}Chat{% endblock %}
 {% block pagetype %}chat{% endblock %}
 {% block body %}
diff --git a/files/templates/default.html b/files/templates/default.html
index c3f5818fc..2e66597ab 100644
--- a/files/templates/default.html
+++ b/files/templates/default.html
@@ -1,5 +1,4 @@
 {%- extends 'root.html' -%}
-{% set csp = CONTENT_SECURITY_POLICY_HOME if request.path == '/' else CONTENT_SECURITY_POLICY_DEFAULT %}
 {% block body_attributes %}id="{% if request.path != '/comments' %}{% block pagetype %}frontpage{% endblock %}{% endif %}" {% if SITE_NAME == 'rDrama' and v and (v.is_banned or v.agendaposter) %}style="overflow-x: hidden;background:url(/assets/images/backgrounds/anime/1.webp?v=3) center center fixed; background-color: var(--background)"{% elif v and v.background %}style="{% if path != '/formatting' %}overflow-x: hidden; {% endif %} background:url(/assets/images/backgrounds/{{v.background}}?v=3) center center fixed; background-color: var(--background){% if 'anime' not in v.background %};background-size: cover{% endif %}"{% elif not v %}style="{% if path != '/formatting' %}overflow-x: hidden; {% endif %} background:url(/assets/images/backgrounds/glitter/1.webp?v=3) center center fixed; background-color: var(--background);background-size: cover"{% endif %}{% endblock %}
 {% block body %}
 {% block banner %}
diff --git a/files/templates/root.html b/files/templates/root.html
index 4acabb36f..be35d1078 100644
--- a/files/templates/root.html
+++ b/files/templates/root.html
@@ -7,15 +7,11 @@ {% endblock %}
 {%- import 'util/macros.html' as macros with context -%}
 {%- import 'util/html_head.html' as html_head with context -%}
-{%- if request.path == '/' -%}
- {%- set csp=CONTENT_SECURITY_POLICY_HOME -%}
-{%- endif -%}
 {% block head %}
- {% block title %}{% block pagetitle %}if you see this pls report it as a bug <3{% endblock %} - {{SITE_NAME}}{% endblock %}
 {{html_head.page_meta(self.pagetitle() or none)}}
 {{html_head.javascript() if root_scope.js}}
diff --git a/nginx.conf b/nginx.conf
index 8559af0dd..3bc7ac084 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -8,6 +8,7 @@ server {
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
 add_header X-Frame-Options "deny";
 add_header X-Content-Type-Options "nosniff";
+ add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com; connect-src 'self' tls-use1.fpapi.io api.fpjs.io 00bb6d59-7b11-4339-b1ae-b1f1259d1316.pushnotifications.pusher.com; object-src 'none';";
 location / {
 proxy_pass http://localhost:5000/;
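Review bot: The new `add_header Content-Security-Policy` line in the nginx.conf hunk lacks the `always` flag, so like the three headers above it nginx emits it only on 2xx/3xx responses and any 4xx/5xx page proxied back from the application is served with no CSP at all (and no HSTS or X-Frame-Options either); it should read `add_header Content-Security-Policy "…" always;`, and the same flag is worth adding to the other three. The single server-wide policy is also strictly broader than the per-page policies the removed Python and Jinja code produced: `'unsafe-eval'` was previously confined to `/` and now applies to every page, and combined with `'unsafe-inline'` the script-src is effectively just a host allowlist, which deserves a comment next to the directive such as `# 'unsafe-eval' used to be limited to /; one site-wide policy now — revisit with nonces/hashes` or a second, stricter policy in the locations that do not need it. The Pusher instance ID is now a literal here instead of being derived from the `PUSHER_ID` environment value the deleted const.py code read, so a deployment that changes that env value will have its push connections blocked until this file is edited too; a comment recording that coupling would help. Finally, nginx does not merge `add_header` across levels: if `location /` (whose body is outside the hunk) declares any `add_header` of its own, all four server-level headers silently stop being sent on proxied responses, so that block should be checked.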