From 457de4a9dd916292159e7f8f7577e01c4913ffec Mon Sep 17 00:00:00 2001
From: Jannik Beyerstedt
Date: Sat, 15 Oct 2016 20:39:13 +0200
Subject: [PATCH] [SITE] CSP: unsafe-eval is needed for bootstrap carousel, somehow
---
 site/snippets/base/html-head.php | 2 +-
 site/snippets/blog-htmlhead.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/site/snippets/base/html-head.php b/site/snippets/base/html-head.php
index 607f0aa..4cfd92e 100644
--- a/site/snippets/base/html-head.php
+++ b/site/snippets/base/html-head.php
@@ -5,7 +5,7 @@
 // copyright: Jannik Beyerstedt | https://jannikbeyerstedt.de
 // license: http://www.gnu.org/licenses/gpl-3.0.txt GPLv3 License
 // -------------------------------------------
-header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
+header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
 if( $page->isHomePage() ) {
 $title = $site->title()->html();
diff --git a/site/snippets/blog-htmlhead.php b/site/snippets/blog-htmlhead.php
index 623dc2f..e4b2a16 100644
--- a/site/snippets/blog-htmlhead.php
+++ b/site/snippets/blog-htmlhead.php
@@ -5,7 +5,7 @@
 // copyright: Jannik Beyerstedt | https://jannikbeyerstedt.de
 // license: http://www.gnu.org/licenses/gpl-3.0.txt GPLv3 License
 // -------------------------------------------
-header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
+header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-eval' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'unsafe-eval' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
 if( $page->isHomePage() ) {
 $title = $site->title()->html();
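Review bot: The `script-src` on the new `header()` line now pairs `'unsafe-eval'` with a nonce that is a fixed string committed to the source (`'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9'`), so the directive no longer constrains injected script in any meaningful way: a nonce only protects when it is unpredictable and regenerated for every response. The identical line is changed in site/snippets/base/html-head.php and this note applies there as well. I would generate the value per request, e.g. `$cspNonce = base64_encode(random_bytes(16));` (PHP 7+), and interpolate it into the header and into the inline `<script>`/`<style>` tags, which are outside these hunks. Because the subject line says the eval requirement is only understood "somehow", sending the stricter policy in a parallel `Content-Security-Policy-Report-Only` header would show which script actually needs it before `'unsafe-eval'` is kept permanently. Both snippets carry the same policy string, so moving it into one shared include would stop the two copies drifting apart.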