Add missing unsafe-inline CSP directive

Dropbox loads an external script that adds inline javascript. Therefore, this addition is needed when enabling dropbox support. Signed-off-by: Erik Michelson <github@erik.michelson.eu>
author: Erik Michelson 2020-08-23 01:29:53 +0200
committer: Erik Michelson 2020-08-23 01:29:53 +0200
commit: 89322603600b399d6b77692b590cbf00948a6f4c (patch)
tree: 65510b5a4c14a6b6ba5aeaf06231d03c3289854e /lib
parent: f821da6c0934ec1a7ee362b20612d936bd9cebd4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/csp.js b/lib/csp.js
index 5c9c7b3d..24399436 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -33,7 +33,7 @@ var googleAnalyticsDirectives = {
 }
 
 var dropboxDirectives = {
-  scriptSrc: ['https://www.dropbox.com']
+  scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\'']
 }
 
 CspStrategy.computeDirectives = function () {
author	Erik Michelson	2020-08-23 01:29:53 +0200
committer	Erik Michelson	2020-08-23 01:29:53 +0200
commit	89322603600b399d6b77692b590cbf00948a6f4c (patch)
tree	65510b5a4c14a6b6ba5aeaf06231d03c3289854e /lib
parent	f821da6c0934ec1a7ee362b20612d936bd9cebd4 (diff)