fix: allow unsafe-inline CSP

lablup · Feb 4, 2025 · c526579 · c526579
1 parent a10db5d
commit c526579
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/ai/backend/web/security.py b/src/ai/backend/web/security.py
@@ -70,7 +70,7 @@ def reject_access_for_unsafe_file_policy(request: web.Request) -> None:
 
 def add_self_content_security_policy(response: web.StreamResponse) -> web.StreamResponse:
     response.headers["Content-Security-Policy"] = (
-        "default-src 'self'; frame-ancestors 'none'; form-action 'self';"
+        "default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; form-action 'self';"
     )
     return response