Add comment to explain why unsafe-inline is needed

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
1 month ago · cea4844b22
parent e179fd4546
commit cea4844b22
1 changed files with 2 additions and 0 deletions
--- a/config/_default/hugo.toml
+++ b/config/_default/hugo.toml
@ -127,6 +127,8 @@ sidebar_menu_compact = true
 [[server.headers]]
  for = '/**'
  [server.headers.values]
+    # `style-src 'unsafe-inline'` is needed to correctly render the maths in the Olm spec:
+    # https://github.com/KaTeX/KaTeX/issues/4096
    Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; child-src 'self'; form-action 'self'; object-src 'self'"
    X-XSS-Protection = "1; mode=block"
    X-Content-Type-Options = "nosniff"