From fbbe10e295bdc50bc1b7dcc5fab8dcc00571973e Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 5 Nov 2024 14:48:11 +1000
Subject: [PATCH] Correct missing CSP header (#3177)

---
 server/core/src/https/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/core/src/https/mod.rs b/server/core/src/https/mod.rs
index 6127446ad..026dde008 100644
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@@ -186,7 +186,7 @@ pub async fn create_https_server(
             "frame-ancestors 'none'; ",
             "img-src 'self' data:; ",
             "worker-src 'none'; ",
-            "script-src 'self'{};",
+            "script-src 'self' 'unsafe-eval'{};",
         ),
         js_checksums
     );