From 1c1c96e6fd0ce41a413aec9a4fd7d490ae7d1ca5 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Sun, 22 Mar 2020 14:20:49 +0100
Subject: allow insafe-inline

---
 instance/production.py | 10 ++++++++--
 instance/sqlite.py     |  9 ++++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/instance/production.py b/instance/production.py
index 05827a56..90f27c1c 100644
--- a/instance/production.py
+++ b/instance/production.py
@@ -33,9 +33,15 @@ CONTENT_SECURITY_POLICY = {
     'media-src': [
         'youtube.com',
     ],
-    'script-src': '\'self\''
+    'script-src': [
+        '\'self\'',
+        '\'unsafe-inline\'',
+    ],
+    'style-src': [
+        '\'self\'',
+        '\'unsafe-inline\'',
+    ]
 }
-
 # Crawler
 CRAWLING_METHOD = "default"
 DEFAULT_MAX_ERROR = 6
diff --git a/instance/sqlite.py b/instance/sqlite.py
index cec46f48..0407ca1b 100644
--- a/instance/sqlite.py
+++ b/instance/sqlite.py
@@ -24,7 +24,14 @@ CONTENT_SECURITY_POLICY = {
     'media-src': [
         'youtube.com',
     ],
-    'script-src': '\'self\''
+    'script-src': [
+        '\'self\'',
+        '\'unsafe-inline\'',
+    ],
+    'style-src': [
+        '\'self\'',
+        '\'unsafe-inline\'',
+    ]
 }
 
 # Crawler
-- 
cgit