From 0faf0a0759895c16d10f0606da25a97d278c97d8 Mon Sep 17 00:00:00 2001
From: Martin Gruner
Date: Thu, 2 Sep 2021 16:35:29 +0200
Subject: [PATCH] Maintenance: Remove obsolete CSP header unsafe_inline configuration exception.
---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 7d504fd97..844eb4a91 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -37,7 +37,7 @@ Rails.application.config.content_security_policy do |policy|
 policy.font_src :self, :data
 policy.img_src '*', :data
 policy.object_src :none
- policy.script_src :self, :unsafe_eval, :unsafe_inline, :strict_dynamic
+ policy.script_src :self, :unsafe_eval, :strict_dynamic
 policy.style_src :self, :unsafe_inline
 policy.frame_src 'www.youtube.com', 'player.vimeo.com'
 end
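Review bot: The new `script_src` line still allows `:unsafe_eval`, and nothing in the hunk says why that exception stays while `:unsafe_inline` is dropped, so a later maintainer cannot tell whether it is required or left over. A comment above the line would settle it, for example `# :unsafe_eval is still needed by <component — confirm>; inline scripts must carry the CSP nonce`. Because `:strict_dynamic` makes supporting browsers ignore `:self` and trust only nonce- or hash-bearing scripts, the removal presumably changes behaviour only for browsers without that support. It is worth confirming that a nonce generator is configured in the part of this initializer outside the hunk, and that no view still relies on un-nonced inline scripts or inline event handlers. `style_src` on the following line keeps `:unsafe_inline`, which looks intentional but deserves a mention in the same comment.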