hotfix(v1.7.11): add unsafe-eval to CSP for Alpine.js

2026-04-27 10:39:33 +02:00
parent be700fefc3
commit c086fa4260
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-1.7.10
+1.7.11
--- a/backend/main.py
+++ b/backend/main.py
@@ -92,7 +92,7 @@ async def cache_control_middleware(request: Request, call_next):
    if request.url.path.startswith("/api/") or request.url.path in ("/", "/index.html"):
        response.headers["Content-Security-Policy"] = (
            "default-src 'self'; "
-            "script-src 'self' 'unsafe-inline' cdn.jsdelivr.net alcdn.msauth.net; "
+            "script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net alcdn.msauth.net; "
            "style-src 'self' 'unsafe-inline'; "
            "connect-src 'self' https://login.microsoftonline.com; "
            "frame-src 'self' https://login.microsoftonline.com; "