From 743c47148407b1c7ac8858542fb16f865c2290bd Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Tue, 17 Apr 2018 21:52:30 +0200
Subject: [PATCH] nginx: temporarily use unsafe-eval in CSP for Isso Quite a bummer!
---
 layout/nginx.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/layout/nginx.j2 b/layout/nginx.j2
index 4f88bf75..0641668d 100644
--- a/layout/nginx.j2
+++ b/layout/nginx.j2
@@ -6,7 +6,8 @@ add_header "X-Content-Type-Options" "nosniff";
 add_header "Strict-Transport-Security" "max-age=31557600; includeSubDomains; preload";
 add_header "Content-Security-Policy" "{% filter striptags %}
 default-src 'self' blob:;
- script-src 'self' blob:
+ script-src 'self' blob:
+ 'unsafe-eval'
 {{ media_url('js/') }};
 object-src 'self' {{ media_url('images/') }};
 img-src 'self' data:
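Review bot: The `'unsafe-eval'` token added to `script-src` applies to every response that carries this header, not only to pages that embed Isso, so string evaluation (`eval`, `new Function`, string-argument `setTimeout`) is allowed again site-wide for any script the policy already admits. Since the subject calls this temporary, I would record that in the template with a Jinja comment beside the token, e.g. `{# TODO: remove 'unsafe-eval' once Isso works without eval #}`, which should not reach the rendered header. If the pages that load comments can be matched by a `location`, the relaxed policy could be limited to them, keeping in mind that nginx inherits `add_header` from the outer level only when the inner level defines none, so the other security headers would have to be repeated there. The `Content-Security-Policy` value continues past the end of this hunk, so the rest of the policy is not visible here.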