From a339b7fa943dd6f39edc719a03095477432af703 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski
Date: Thu, 2 May 2024 14:05:14 -1000
Subject: [PATCH] fix(frontend): :bug: Add unsafe-inline to CSP for frontend
---
 utils/response.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/response.ts b/utils/response.ts
index dae67906..c9cf9e66 100644
--- a/utils/response.ts
+++ b/utils/response.ts
@@ -32,7 +32,7 @@ export const clientResponse = (
 ) => {
 return response(data, status, {
 "Content-Security-Policy":
- "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src *; font-src 'self'; connect-src 'self'; media-src *; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'",
+ "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src *; font-src 'self'; connect-src 'self'; media-src *; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'",
 "Access-Control-Allow-Origin": "null",
 ...headers,
 });
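Review bot: Adding `'unsafe-inline'` to `script-src` in the new policy string lets any inline `<script>`, event-handler attribute or `javascript:` URL on a page execute, so the CSP no longer limits the impact of an HTML-injection bug in the frontend. If the inline scripts come from the frontend build (an inference, the hunk does not show them), allow only those with a per-response nonce or a hash, e.g. `script-src 'self' 'sha256-<BASE64_HASH_OF_INLINE_SCRIPT>'`. Browsers that honour a nonce or hash ignore `'unsafe-inline'`, so it could then remain purely as a fallback for older browsers. Separately, `...headers` is spread after the policy, so a caller-supplied `Content-Security-Policy` silently replaces this one; a comment above the header such as `// callers may override the CSP via headers; keep overrides at least as strict` would make that explicit. clientResponse begins above the hunk, so its parameters are not visible here.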