From 164224207802e2dc49833ae6788e23c501403679 Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Fri, 6 Aug 2021 12:09:20 +0200
Subject: [PATCH] CSP: Allow styles from /css/ Reveal.js styles are hosted there
Signed-off-by: David Mehren
---
 lib/csp.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/csp.js b/lib/csp.js
index cebc050c8..b343ea011 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -19,7 +19,7 @@ const defaultDirectives = {
 'https://www.slideshare.net/api/oembed/2',
 '\'unsafe-inline\'' // this is ignored by browsers supporting nonces/hashes
 ],
- styleSrc: [config.serverURL + '/build/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
+ styleSrc: [config.serverURL + '/build/', config.serverURL + '/css/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
 objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
 formAction: ['\'self\'']
 }
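Review bot: The trailing comment on the new `styleSrc` line still explains only `'unsafe-inline'`, so the reason for the `/css/` entry lives only in the commit message; I would record it in the code, e.g. `// /css/ hosts the Reveal.js styles; unsafe-inline is required for some libs, plus used in views`. A source expression ending in `/` matches every path below it, so this allows any stylesheet served under `/css/` on `config.serverURL`, and it is worth confirming that the directory only ever holds static, first-party files. Because `'unsafe-inline'` remains in the list, the directive constrains only where external stylesheets load from, not inline styles. `defaultDirectives` starts outside the hunk, so how `config.serverURL` is populated (and whether it can be empty, which would leave a bare `/css/` that is not a valid source expression) cannot be checked from here.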