From 689325a536448b6765a7d43a0791d68ede155787 Mon Sep 17 00:00:00 2001
From: William Moore <w.moore@dundee.ac.uk>
Date: Tue, 23 Jan 2024 23:05:22 +0000
Subject: [PATCH] Add quotes to 'unsafe-inline', add 'unsafe-eval'

---
 omeroweb/settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/omeroweb/settings.py b/omeroweb/settings.py
index 45cd1f8c5a..030b1d80c0 100755
--- a/omeroweb/settings.py
+++ b/omeroweb/settings.py
@@ -1181,7 +1181,7 @@ def check_session_engine(s):
     ],
     "omero.web.csp_script_src": [
         "CSP_SCRIPT_SRC",
-        '["\'self\'", "unsafe-inline"]',
+        '["\'self\'", "\'unsafe-inline\'", "\'unsafe-eval\'"]',
         json.loads,
         "Set the CSP script-src directive",
     ],
@@ -1193,7 +1193,7 @@ def check_session_engine(s):
     ],
     "omero.web.csp_style_src": [
         "CSP_STYLE_SRC",
-        '["\'self\'", "unsafe-inline"]',
+        '["\'self\'", "\'unsafe-inline\'"]',
         json.loads,
         "Set the CSP style-src directive",
     ],