From 0258676f78e88958385e171c33ebdb5c99017ecc Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Fri, 2 Feb 2024 14:06:39 +0100
Subject: [PATCH] Csp: Include `script-src 'self'; fixes #5180
---
 library/Icinga/Util/Csp.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/library/Icinga/Util/Csp.php b/library/Icinga/Util/Csp.php
index bd275c608e..c7fbf9a4c9 100644
--- a/library/Icinga/Util/Csp.php
+++ b/library/Icinga/Util/Csp.php
@@ -51,7 +51,11 @@ public static function addHeader(Response $response): void
 throw new RuntimeException('No nonce set for CSS');
 }
- $response->setHeader('Content-Security-Policy', "style-src 'self' 'nonce-$csp->styleNonce';", true);
+ $response->setHeader(
+ 'Content-Security-Policy',
+ "script-src 'self'; style-src 'self' 'nonce-$csp->styleNonce';",
+ true
+ );
 }
 /**
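Review bot: The policy set in `addHeader()` still has no `default-src` fallback, so after this change only scripts and styles are constrained; `object-src` stays open, and `base-uri` would stay open even with a fallback because it does not inherit from `default-src`. If nothing in the application depends on plugins or a foreign `<base>`, the directive string could be tightened in the same line, e.g. `"script-src 'self'; object-src 'none'; base-uri 'self'; style-src 'self' 'nonce-$csp->styleNonce';",`. It would also help to add a short comment above the call saying that `script-src 'self'` blocks inline `<script>` blocks and inline event handlers, since third-party modules that rely on them will stop working under this header. The start of `addHeader()`, including where `$csp->styleNonce` is generated, is outside the hunk, so the nonce format could not be checked here.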