From 3798b41392f3aaf5b1858f50e2ad2efd9e09395d Mon Sep 17 00:00:00 2001
From: Klaus Zanders <k.zanders@openproject.com>
Date: Thu, 23 May 2024 15:20:28 +0200
Subject: [PATCH] Fix ContentSecurityPolicy for lookbook

---
 config/initializers/lookbook.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/config/initializers/lookbook.rb b/config/initializers/lookbook.rb
index bfd03771fe86..4530a141d582 100644
--- a/config/initializers/lookbook.rb
+++ b/config/initializers/lookbook.rb
@@ -18,14 +18,17 @@
   ]
 
   # Show pages first, then previews
-  config.lookbook.preview_inspector.sidebar_panels = [:pages, :previews]
+  config.lookbook.preview_inspector.sidebar_panels = %i[pages previews]
   # Show notes first, all other panels next
   config.lookbook.preview_inspector.drawer_panels = [:notes, "*"]
   config.lookbook.ui_theme = "blue"
 
   SecureHeaders::Configuration.named_append(:lookbook) do
     {
-      script_src: %w('unsafe-eval' 'unsafe-inline') # rubocop:disable Lint/PercentStringArray
+      script_src: %w('unsafe-eval' 'unsafe-inline' 'self'), # rubocop:disable Lint/PercentStringArray
+      script_src_elem: %w('unsafe-eval' 'unsafe-inline' 'self'), # rubocop:disable Lint/PercentStringArray
+      style_src: %w('self' 'unsafe-inline'), # rubocop:disable Lint/PercentStringArray
+      style_src_attr: %w('self' 'unsafe-inline') # rubocop:disable Lint/PercentStringArray
     }
   end