From cc97d5b0be45e0889888d99b034424893b37aeaf Mon Sep 17 00:00:00 2001 From: Ariadne Conill Date: Fri, 2 Feb 2024 21:07:12 -0800 Subject: [PATCH] CSP: allow unsafe-inline for CSS --- config/initializers/content_security_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index e43e38786c..cd4caab294 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -36,7 +36,7 @@ Rails.application.config.content_security_policy do |p| p.frame_ancestors :none p.font_src :self, assets_host p.img_src :self, :data, :blob, *media_hosts - p.style_src :self, assets_host + p.style_src :self, :unsafe_inline, assets_host p.media_src :self, :data, *media_hosts p.frame_src :self, :https p.manifest_src :self, assets_host