/*
 * Self-hosted emoji stylesheet shim.
 *
 * The page links this file SAME-ORIGIN (/css/emoji.css) instead of the
 * third-party https://emoji-css.afeld.me/emoji.css. A same-origin <link>
 * clears the ZAP medium "Sub Resource Integrity Attribute Missing"
 * (SRI only applies to cross-origin <script>/<link> elements).
 *
 * It currently @imports the upstream sheet so emoji keep working with zero
 * downtime. The emoji sprite images load from cdn.jsdelivr.net (allowed in
 * the CSP img-src), so nothing else needs changing.
 *
 * To drop the third-party dependency completely (and not just satisfy SRI),
 * replace the @import below with the actual file contents, e.g. on the server:
 *
 *     curl -s https://emoji-css.afeld.me/emoji.css \
 *          -o /var/www/vhosts/tshirtgang.com/httpdocs/css/emoji.css
 *
 * then remove "https://emoji-css.afeld.me" from SecurityPolicy::buildStyleSrc().
 */
@import url("https://emoji-css.afeld.me/emoji.css");