From 2a3bd0b4a3adf680dd9201e4b3826dff7616fc0c Mon Sep 17 00:00:00 2001
From: Michael Friese
Date: Wed, 11 Sep 2024 13:51:50 +0200
Subject: [PATCH] staticwebapp config: allow unsafe-eval and unsafe-inline in CSP

Currently the website complains that both unsafe-eval and unsafe-inline are not allowed by the Content Security Policy. However, it seems that the former is required for the search feature and the latter to be able to store the theme selection. The theme selection could be imported differently to prevent the need for unsafe-inline, but for the time being this should solve both issues.
Fixes #61
---
 static/staticwebapp.config.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/static/staticwebapp.config.json b/static/staticwebapp.config.json
index a29b575..0288347 100644
--- a/static/staticwebapp.config.json
+++ b/static/staticwebapp.config.json
@@ -1,9 +1,9 @@
 {
 "globalHeaders": {
 "Content-Type": "text/html; charset=UTF-8",
- "Content-Security-Policy": "script-src 'self'",
+ "Content-Security-Policy": "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
 "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
 "X-Frame-Options": "SAMEORIGIN",
 "X-Permitted-Cross-Domain-Policies": "none"
 }
-}
\ No newline at end of file
+}
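Review bot: Adding `'unsafe-inline'` to `script-src` on the changed `Content-Security-Policy` line removes most of the policy's protection against injected script, because any inline `<script>` block or event-handler attribute will now run; `'unsafe-eval'` also re-enables string-to-code sinks such as `eval()` and `new Function()`. The commit message says inline is needed only for the theme-selection script, so a narrower value would allow just that script by hash, e.g. `"script-src 'self' 'unsafe-eval' 'sha256-<BASE64_HASH_OF_THEME_SCRIPT>'"` (placeholder, to be computed from the actual inline script), or the script could move to a file served from `'self'`. If the search feature needs eval only for WebAssembly compilation, which this diff does not show, `'wasm-unsafe-eval'` would be narrower than `'unsafe-eval'`. Since this sits under `globalHeaders`, the relaxation applies to every response, so it is worth recording a follow-up to tighten it rather than leaving it as the permanent fix for #61.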