From 7b4decf80310b90e87ca72ddec37e4a35d5d0dad Mon Sep 17 00:00:00 2001
From: Serghei Iakovlev
Date: Sun, 24 Jul 2022 20:55:45 +0200
Subject: Correct CSP header
---
 netlify-pr.go | 8 ++++----
 netlify.toml | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/netlify-pr.go b/netlify-pr.go
index e232627..f3e5057 100644
--- a/netlify-pr.go
+++ b/netlify-pr.go
@@ -29,10 +29,10 @@ func main() {
 repStr := "${1} ${2} blob:${3}"
 newStr = reStr.ReplaceAllString(newStr, repStr)
- // -> style-src 'self';
- // <- style-src 'self' 'unsafe-inline';
- reStr = regexp.MustCompile("(style-src) ('self')(;)")
- repStr = "${1} ${2} 'unsafe-inline'${3}"
+ // -> style-src 'self' cdn.hypothes.is;
+ // <- style-src 'self' 'unsafe-inline' cdn.hypothes.is;
+ reStr = regexp.MustCompile(`(style-src) ('self') (cdn\.hypothes\.is)(;)`)
+ repStr = "${1} ${2} ${3} 'unsafe-inline'${4}"
 newStr = reStr.ReplaceAllString(newStr, repStr)
 // -> media-src 'self';
diff --git a/netlify.toml b/netlify.toml
index 08a2b00..15c85ac 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -90,7 +90,7 @@
 Content-Security-Policy = """
 default-src 'self';
 script-src 'self' www.googletagmanager.com hypothes.is cdn.hypothes.is;
- style-src 'self';
+ style-src 'self' cdn.hypothes.is;
 img-src 'self' data: *.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net;
 font-src 'self';
 connect-src 'self' *.google-analytics.com analytics.google.com www.googletagmanager.com stats.g.doubleclick.net;
--
cgit v1.2.3
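Review bot: The updated `// <-` comment does not match what the replacement emits: `repStr` places `${3}` before `'unsafe-inline'`, so the output is `style-src 'self' cdn.hypothes.is 'unsafe-inline';` and the comment should read `// <- style-src 'self' cdn.hypothes.is 'unsafe-inline';`. The pattern also pins the exact source list, and `ReplaceAllString` returns its input unchanged when nothing matches, so the next edit to `style-src` in netlify.toml would silently skip this rewrite. Matching any list with `regexp.MustCompile("(style-src 'self'[^;]*)(;)")` and `repStr = "${1} 'unsafe-inline'${2}"`, or checking `reStr.MatchString(newStr)` and exiting with an error, would avoid that. Because this step loosens the policy with `'unsafe-inline'`, a comment stating which deploys receive the rewritten header would help; `main` starts and ends outside the hunk, so whether that is documented elsewhere is not visible here.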
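Review bot: The `style-src` line is now matched token for token by the regular expression in netlify-pr.go, but nothing in this file says so; a comment above the `Content-Security-Policy` key such as `# style-src is rewritten by netlify-pr.go; keep its pattern in sync when editing this directive` would make the coupling visible. The added source is host-wide, so any stylesheet served from cdn.hypothes.is is accepted; if the stylesheet URL is stable, a host-source that includes the path would narrow it. The header value continues past the end of the hunk.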