From 11b70346b0884f620f5e9fda8e72e331a5912220 Mon Sep 17 00:00:00 2001
From: Jeremy Jameson
Date: Mon, 15 Nov 2021 18:26:03 -0700
Subject: [PATCH] Modify CSP HTTP header to allow inline styles

This is required by custom components (e.g. the "Tags" partial that renders tags with various font sizes and weights) as well as Bootstrap itself: https://github.com/twbs/bootstrap/issues/25394
---
 config/_default/config.toml | 2 +-
 static/staticwebapp.config.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/_default/config.toml b/config/_default/config.toml
index 78a5e5b0..c135aa2a 100644
--- a/config/_default/config.toml
+++ b/config/_default/config.toml
@@ -43,5 +43,5 @@ enableGitInfo = true
 [[server.headers]]
 for = '/**'
 [server.headers.values]
- Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;"
+ Content-Security-Policy = "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;"
 X-Frame-Options = 'DENY'
\ No newline at end of file
diff --git a/static/staticwebapp.config.json b/static/staticwebapp.config.json
index 864f5f93..5e31393f 100644
--- a/static/staticwebapp.config.json
+++ b/static/staticwebapp.config.json
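Review bot: Adding `'unsafe-inline'` to style-src on the new Content-Security-Policy line switches off the CSP check for every inline style on the site, not only the Tags partial and Bootstrap cases the message cites, and the same relaxation is repeated in the static/staticwebapp.config.json hunk. If the Tags partial emits a bounded set of font sizes and weights, mapping them to CSS classes keeps the directive at `'self' https://cdnjs.cloudflare.com`, and any fixed inline `<style>` block can be allowed by hash (`'sha256-<hash of the block>'`) instead; only style attributes written by Bootstrap's JavaScript, which the linked issue appears to describe, would still need the broader source, so it is worth confirming that is the actual blocker. Because the policy now has to stay byte-identical in two files, please add a comment above the TOML line, e.g. `# Keep in sync with static/staticwebapp.config.json; 'unsafe-inline' on style-src is needed by the Tags partial and Bootstrap (twbs/bootstrap#25394)`. Note that script-src already carries `'unsafe-inline'` on both the old and new side, so the policy as a whole offers little protection against injected script irrespective of this change.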
@@ -1,6 +1,6 @@
 {
 "globalHeaders": {
- "Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' https://cdnjs.cloudflare.com;",
+ "Content-Security-Policy": "default-src 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com; img-src 'self' data: https://*.technologytoolbox.com; script-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;",
 "X-Frame-Options": "DENY"
 }
 }