staticwebapp config: allow unsafe-eval and unsafe-inline in CSP

Currently the website complains that both unsafe-eval and unsafe-inline are not allowed by the Content Security Policy. However, it seems that the former is required for the search feature and the latter to be able to store the theme selection. The theme selection could be imported differently to prevent the need for unsafe-inline, but for the time being this should solve both issues. Fixes #61
inspektor-gadget · Sep 11, 2024 · 2a3bd0b · 2a3bd0b
1 parent a4ed0bb
commit 2a3bd0b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/static/staticwebapp.config.json b/static/staticwebapp.config.json
@@ -1,9 +1,9 @@
 {
 	"globalHeaders": {
 		"Content-Type": "text/html; charset=UTF-8",
-		"Content-Security-Policy": "script-src 'self'",
+		"Content-Security-Policy": "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
 		"Permissions-Policy": "geolocation=(), microphone=(), camera=()",
 		"X-Frame-Options": "SAMEORIGIN",
 		"X-Permitted-Cross-Domain-Policies": "none"
 	}
-}
+}