From 0abf8316b10a4f0147f9f9f3163ad93297fe90d5 Mon Sep 17 00:00:00 2001
From: Michael Friese
Date: Wed, 11 Sep 2024 13:51:50 +0200
Subject: [PATCH] staticwebapp config: add back CSP and allow unsafe-eval and unsafe-inline

This adds the CSP back and also adds unsafe-eval and unsafe-inline which are needed for the search functionality and theme settings.

Fixes #61
---
 static/staticwebapp.config.json | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/static/staticwebapp.config.json b/static/staticwebapp.config.json
index 0502cff..0288347 100644
--- a/static/staticwebapp.config.json
+++ b/static/staticwebapp.config.json
@@ -1,8 +1,9 @@
 {
- "globalHeaders": {
- "Content-Type": "text/html; charset=UTF-8",
- "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
- "X-Frame-Options": "SAMEORIGIN",
- "X-Permitted-Cross-Domain-Policies": "none"
- }
+ "globalHeaders": {
+ "Content-Type": "text/html; charset=UTF-8",
+ "Content-Security-Policy": "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
+ "Permissions-Policy": "geolocation=(), microphone=(), camera=()",
+ "X-Frame-Options": "SAMEORIGIN",
+ "X-Permitted-Cross-Domain-Policies": "none"
+ }
 }
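Review bot: The added `Content-Security-Policy` value restricts only `script-src`, and because it carries both `'unsafe-inline'` and `'unsafe-eval'` it does not stop injected inline script or string-to-code evaluation, so its XSS mitigation is limited to blocking script loaded from other origins. Directives that do not depend on the search or theme code could be added in the same header, for example `"Content-Security-Policy": "script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'"`, where `frame-ancestors 'self'` mirrors the existing `X-Frame-Options: SAMEORIGIN`; this should be checked against the rendered pages before merging. Since this appears to be a statically served site, per-response nonces are likely impractical, but the inline theme script could later be allowed by a `'sha256-<HASH_OF_INLINE_SCRIPT>'` source (placeholder, to be computed from the real script) so that `'unsafe-inline'` can be dropped; browsers ignore `'unsafe-inline'` once a hash is present, so every inline script would need one. Strict JSON has no comment syntax, so the reason each `unsafe-*` keyword is needed should be recorded in the project documentation and tracked as a follow-up rather than left only in this commit message.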