feat: allow inline style in csp

ozwaldorf · Oct 12, 2024 · 7903f50 · 7903f50
1 parent f2596ba
commit 7903f50
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/main.rs b/src/main.rs
@@ -59,7 +59,7 @@ fn main(req: Request) -> Result<Response, Error> {
     // - deny all frame ancestors
     res.set_header(
         header::CONTENT_SECURITY_POLICY,
-        "default-src *; object-src 'none'; script-src 'none'; frame-ancestors 'none'",
+        "default-src *; style-src * 'unsafe-inline'; object-src 'none'; script-src 'none'; frame-ancestors 'none'",
     );
 
     Ok(res)
@@ -167,6 +167,12 @@ fn handle_get(req: Request) -> Result<Response, Error> {
     <head>
         <title>no bs pastebin</title>
     </head>
+    <style>
+        body {
+            color: #f4f4f4;
+            background-color: #0b0b0b;
+        }
+    </style>
     <body>
         <pre>"
                         .to_string()