From cea4844b22cb5102257808dd89cce64bd354568c Mon Sep 17 00:00:00 2001
From: Johannes Marbach
Date: Wed, 29 Oct 2025 13:55:55 +0100
Subject: [PATCH] Add comment to explain why unsafe-inline is needed
Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
---
 config/_default/hugo.toml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/config/_default/hugo.toml b/config/_default/hugo.toml
index 5bf2f8c6..3fcbf75c 100644
--- a/config/_default/hugo.toml
+++ b/config/_default/hugo.toml
@@ -127,6 +127,8 @@ sidebar_menu_compact = true
 [[server.headers]]
 for = '/**'
 [server.headers.values]
+ # `style-src 'unsafe-inline'` is needed to correctly render the maths in the Olm spec:
+ # https://github.com/KaTeX/KaTeX/issues/4096
 Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; child-src 'self'; form-action 'self'; object-src 'self'"
 X-XSS-Protection = "1; mode=block"
 X-Content-Type-Options = "nosniff"
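Review bot: The added comment says why `'unsafe-inline'` is in `style-src`, but not how far the exception reaches or when it can be removed. The header block is declared `for = '/**'`, so inline styles are allowed on every served path, not only the Olm spec pages that render maths, and CSP then gives no protection against injected styles on any of them. I would record it as a temporary, site-wide exception, e.g. `# TODO: remove 'unsafe-inline' once the KaTeX issue above is fixed; applies to all paths via '/**'`. As far as I know Hugo applies `server.headers` only to its local development server, so it is worth confirming that the deployed site's CSP (set elsewhere, not visible here) carries the same exception and rationale. The `[server.headers.values]` table may continue outside the hunk.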