From 1fc95a83b6c9927546eb561381aa78599b155249 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= <f@miniflux.net>
Date: Tue, 1 Jun 2021 15:07:09 -0700
Subject: [PATCH] Include 'self' in CSP when using custom styles

---
 template/templates/common/layout.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/template/templates/common/layout.html b/template/templates/common/layout.html
index 68a52b45..281a59d9 100644
--- a/template/templates/common/layout.html
+++ b/template/templates/common/layout.html
@@ -34,7 +34,7 @@
 
     {{ if and .user .user.Stylesheet }}
     {{ $stylesheetNonce := nonce }}
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * data:; media-src *; frame-src *; style-src 'nonce-{{ $stylesheetNonce }}'">
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * data:; media-src *; frame-src *; style-src 'self' 'nonce-{{ $stylesheetNonce }}'">
     <style nonce="{{ $stylesheetNonce }}">{{ .user.Stylesheet | safeCSS }}</style>
     {{ else }}
     <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * data:; media-src *; frame-src *">
-- 
GitLab