From e030c07f946f61a73d4ef17724467778f44700e6 Mon Sep 17 00:00:00 2001
From: mutantmonkey
Date: Sun, 4 Oct 2015 15:11:23 -0700
Subject: [PATCH] allow unsafe-inline for style-src for now

This is used for the upload progress bar. Hopefully we can find a better solution in the future for this.
---
 server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server.go b/server.go
index e87a3ec..cf40fd2 100644
--- a/server.go
+++ b/server.go
@@ -135,7 +135,7 @@ func main() {
 flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,
 "enable remote uploads")
 flag.StringVar(&Config.contentSecurityPolicy, "contentSecurityPolicy",
- "default-src 'self'; img-src 'self' data:; referrer none;",
+ "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
 "value of default Content-Security-Policy header")
 flag.StringVar(&Config.fileContentSecurityPolicy, "fileContentSecurityPolicy",
 "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;",
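Review bot: The new default for `contentSecurityPolicy` adds `'unsafe-inline'` to `style-src` for every response that carries this header, so the policy no longer limits inline `<style>` blocks or `style=` attributes anywhere, although the commit message names only the upload progress bar as the consumer. If the bar's width is set from script through the element's style object (for example `bar.style.width = pct + "%"`) or through a `<progress>` element, rather than through a `style` attribute in markup, the policy should be able to stay at `style-src 'self'`; the progress-bar code is outside this hunk, so confirm how it is written. Until that is done, record the reason next to the default, e.g. `// 'unsafe-inline' in style-src is needed only by the upload progress bar; remove once it no longer relies on inline styles`. Deployments that already pass their own `-contentSecurityPolicy` value do not pick up this default, so the requirement is worth stating in the flag's help text too. The body of `main` continues outside the hunk.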