From 67adf37017d18f8872730799753a52b3318204a8 Mon Sep 17 00:00:00 2001
From: Simon Hyll <hyllsimon@gmail.com>
Date: Tue, 21 May 2024 04:53:38 +0200
Subject: [PATCH] fix: relaxing CSP settings

---
 astro.config.mjs | 4 ++++
 public/_headers  | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/astro.config.mjs b/astro.config.mjs
index 3aa1b7ffe..8e89a5619 100644
--- a/astro.config.mjs
+++ b/astro.config.mjs
@@ -113,6 +113,10 @@ export default defineConfig({
 					tag: 'meta',
 					attrs: { name: 'theme-color', content: '#181818' },
 				},
+				{
+					tag: 'meta',
+					attrs: { 'http-equiv': 'Content-Security-Policy', content: "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src self data: http: https:; script-src self 'unsafe-inline' 'unsafe-eval'; script-src-elem self 'unsafe-inline' 'unsafe-eval' http:; worker-src 'self' data:;" },
+				},
 			],
 			editLink: {
 				baseUrl: 'https://github.com/tauri-apps/tauri-docs/edit/v2',
diff --git a/public/_headers b/public/_headers
index 284c19622..de2a7be73 100644
--- a/public/_headers
+++ b/public/_headers
@@ -2,4 +2,4 @@
   X-Frame-Options: DENY
   X-XSS-Protection: 1; mode=block
   X-Content-Type-Options: nosniff
-  Content-Security-Policy: default-src 'self';
+  Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src self data: http: https:; script-src self 'unsafe-inline' 'unsafe-eval'; script-src-elem self 'unsafe-inline' 'unsafe-eval' http:; worker-src 'self' data:;