remove CSP header/custom style hashes
1 file changed, 0 insertions(+), 19 deletions(-)
changed files
M domain/web/website.go → domain/web/website.go
@@ -5,7 +5,6 @@ "context" "net/http" "os" "path/filepath" - "slices" "sync" "time"@@ -27,7 +26,6 @@ "alin.ovh/x/log" "github.com/Southclaws/fault" "github.com/Southclaws/fault/fmsg" - "github.com/crewjam/csp" "github.com/osdevisnot/sorvor/pkg/livereload" )@@ -52,21 +50,9 @@ log *log.Logger reader storage.Reader calendar *calendar.Calendar identity *identity.Service - CSP *csp.Header *server.App } -var CSPHeader = csp.Header{ - DefaultSrc: []string{"'none'"}, - FormAction: []string{"'none'"}, - BaseURI: []string{"'none'"}, - ImgSrc: []string{"'self'", "https://pkg.go.dev/"}, - ScriptSrc: []string{"'self'"}, - StyleSrc: []string{"'self'"}, - FrameAncestors: []string{"https://kagi.com"}, - RequireTrustedTypesFor: []csp.RequireTrustedTypesFor{csp.RTTFScript}, -} - var ExtraHeaders = map[string]string{ "Cache-Control": "max-age=14400", "X-Content-Type-Options": "nosniff",@@ -112,11 +98,6 @@ }) roots, err := fetcher.Subscribe() if err != nil { return nil, fault.Wrap(err, fmsg.With("could not set up fetcher")) - } - - if opts.Development { - CSPHeader.ScriptSrc = slices.Insert(CSPHeader.ScriptSrc, 0, "'unsafe-inline'") - CSPHeader.ConnectSrc = slices.Insert(CSPHeader.ConnectSrc, 0, "'self'") } firstUpdate := make(chan bool)
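Review bot: With `CSPHeader` and the `CSP *csp.Header` field deleted in the `-52,21` hunk, nothing visible in this file still sends a Content-Security-Policy. The `default-src 'none'`, `script-src 'self'`, `frame-ancestors https://kagi.com` and `require-trusted-types-for` restrictions go away together with the style hashes the title mentions. Only `Cache-Control` and `X-Content-Type-Options` are visible in `ExtraHeaders`, and that map continues outside the hunk, so the policy may now be set elsewhere (another handler or a reverse proxy); the commit message should say where. If it is not set anywhere, and the style hashes were the only maintenance burden, I would keep the rest of the policy as a static entry in `ExtraHeaders` and loosen only the style directive, e.g. `style-src 'self' 'unsafe-inline'`. Removing the `opts.Development` branch in the `-112,11` hunk is fine on its own, since it mutated the package-level `CSPHeader` at start-up.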