From 72b2f015a7d64d0b7aec9054168f38b7941c1fce Mon Sep 17 00:00:00 2001
From: Justin Geibel
Date: Tue, 7 Jan 2020 23:49:15 -0500
Subject: [PATCH] Add 'unsafe-inline' for style-src CSP

---
 config/nginx.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index cae7583a38a..23b824ad34a 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -142,7 +142,7 @@ http {
 add_header X-Content-Type-Options "nosniff";
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-XSS-Protection "1; mode=block";
-add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com; style-src 'self' https://www.google.com https://ajax.googleapis.com; img-src *; object-src 'none'";
+add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com; img-src *; object-src 'none'";
 add_header Strict-Transport-Security "max-age=31536000" always;
 add_header Vary 'Accept, Accept-Encoding, Cookie';
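Review bot: The added `'unsafe-inline'` on `style-src` removes the policy's protection against injected inline CSS, and neither the hunk nor the commit message records which inline styles need it, so nobody can later tell when it is safe to remove. Inline-style injection is lower impact than script injection but still allows attribute-selector based content exfiltration and UI overlays, so the exception deserves a justification next to the directive, e.g. `# 'unsafe-inline' on style-src: needed for <component — fill in> inline styles; prefer 'sha256-…' hashes of those style blocks once they are stable`. If the inline styles are static, CSP hashes (`'sha256-<digest>'`) would keep the directive strict without a nonce-generating module, which stock nginx does not provide on its own (verify against your build). Separately, the CSP `add_header` lacks the `always` flag that the Strict-Transport-Security line two lines below carries, so error responses are served without any CSP; `add_header Content-Security-Policy "…" always;` would close that gap.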