From 9edfb64c0831b63db46cd6a264326649d29da4e4 Mon Sep 17 00:00:00 2001
From: Ben Rog-Wilhelm
Date: Mon, 11 Sep 2023 03:09:44 -0500
Subject: [PATCH] Actually clean this up *properly*.
---
 files/routes/allroutes.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/files/routes/allroutes.py b/files/routes/allroutes.py
index 4063a3735..70ccfb47d 100644
--- a/files/routes/allroutes.py
+++ b/files/routes/allroutes.py
@@ -52,11 +52,11 @@ def teardown_request(error):
 @app.after_request
 def after_request(response: Response):
 response.headers.add("Content-Security-Policy", ("""
- script-src 'self' https://*.googletagmanager.com;
- img-src https://*.google-analytics.com https://*.googletagmanager.com;
+ script-src 'self' 'unsafe-inline' https://*.googletagmanager.com;
+ img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
 connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;
 object-src 'none';
- """))
+ """.replace('\n', '')))
 response.headers.add("Strict-Transport-Security", "max-age=31536000")
 response.headers.add("X-Frame-Options", "deny")
 return response
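Review bot: Adding `'unsafe-inline'` to `script-src` in `after_request` gives up most of the policy's protection against script injection, because any inline `<script>` block or event-handler attribute that reaches a page will now execute regardless of the host allowlist. If the inline scripts are the site's own (presumably the analytics bootstrap), a per-response nonce keeps them working without the blanket allowance, e.g. `script-src 'self' 'nonce-<per-response value>' https://*.googletagmanager.com;` with the same value set on each inline tag; whether the templates can receive that value is not visible in this hunk. The policy also sets no `default-src` or `frame-ancestors`, so fetch types it does not list (styles, frames, fonts) stay unrestricted. A one-line comment above the header saying why the `.replace('\n', '')` is required would help the next reader.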