allow inline CSS (for lua scripts)

3 files changed, 3 insertions, 6 deletions

diff --git a/src/main.rs b/src/main.rs
index 9f30ef2..ffa6486 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -239,10 +239,8 @@ async fn service<C: Controller>(
         .entry(header::CONTENT_SECURITY_POLICY)
         .or_insert_with(|| {
             format!(
-                "default-src 'self'; frame-src {}; script-src {}; style-src {}",
-                frame_csp,
-                script_csp,
-                include_str!("static/style.css.sha"),
+                "default-src 'self'; frame-src {}; script-src {}; style-src 'unsafe-inline'",
+                frame_csp, script_csp,
             )
             .parse()
             .unwrap()
diff --git a/src/static/style.css.sha b/src/static/style.css.sha
deleted file mode 100644
index 8d6fda2..0000000
--- a/src/static/style.css.sha
+++ /dev/null
@@ -1 +0,0 @@
-'sha256-4QS8BIXdar+z3XbKs6xgOap7gK1ItUV+Q2S8j9ukFx8='
\ No newline at end of file
diff --git a/src/static/update_hashes.sh b/src/static/update_hashes.sh
index 3bcdb78..d1c14d2 100755
--- a/src/static/update_hashes.sh
+++ b/src/static/update_hashes.sh
@@ -1,5 +1,5 @@
 #/bin/sh
 cd "$(dirname "$0")"
-for script in style.css edit_script.js; do
+for script in edit_script.js; do
 	printf "'sha256-%s'" $(shasum -a 256 < $script | cut -d' ' -f1 | xxd -r -p | base64 -w 0) > $script.sha
 done