From 0bb2923b57a2cd875b8aec8b39005f27123e8994 Mon Sep 17 00:00:00 2001
From: Michael Vasseur <14887731+vmcj@users.noreply.github.com>
Date: Sun, 9 Nov 2025 09:58:06 +0100
Subject: [PATCH] Fix Monaco-editor font rendering

Fixes a CSP violation as monaco-editor loads a font over data:.
---
 webapp/src/EventListener/AddContentSecurityPolicyListener.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapp/src/EventListener/AddContentSecurityPolicyListener.php b/webapp/src/EventListener/AddContentSecurityPolicyListener.php
index d244aa0796..52c7aa81be 100644
--- a/webapp/src/EventListener/AddContentSecurityPolicyListener.php
+++ b/webapp/src/EventListener/AddContentSecurityPolicyListener.php
@@ -17,7 +17,7 @@ public function __invoke(ResponseEvent $event): void
         // the profiler requires 'unsafe-eval' for script-src 'self'.
         $response = $event->getResponse();
         $cspExtra = $this->profiler ? "'unsafe-eval'" : "";
-        $csp = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' $cspExtra; img-src 'self' data:; worker-src 'self' blob:";
+        $csp = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' $cspExtra; img-src 'self' data:; worker-src 'self' blob:; font-src 'self' data:;";
         $response->headers->set('Content-Security-Policy', $csp);
     }
 }