From 797f7975b74c0ace96981785cc18505bb4849e93 Mon Sep 17 00:00:00 2001
From: Mark Phelps <209477+markphelps@users.noreply.github.com>
Date: Wed, 4 Oct 2023 14:44:55 -0400
Subject: [PATCH] fix: csp header for monaco editor (#2200)

---
 internal/cmd/http.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/cmd/http.go b/internal/cmd/http.go
index 058ef7d055..f359ab1a36 100644
--- a/internal/cmd/http.go
+++ b/internal/cmd/http.go
@@ -90,7 +90,7 @@ func NewHTTPServer(
 // TODO: replace with more robust 'mode' detection
 if !info.IsDevelopment() {
 r.Use(middleware.SetHeader("X-Content-Type-Options", "nosniff"))
- r.Use(middleware.SetHeader("Content-Security-Policy", "default-src 'self'; img-src * data:; frame-ancestors 'none';"))
+ r.Use(middleware.SetHeader("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'none';"))
 }

 r.Use(middleware.RequestID)
@@ -204,7 +204,7 @@ func NewHTTPServer(
 return server, nil
 }

- server.Server.TLSConfig = &tls.Config{
+ server.TLSConfig = &tls.Config{
 MinVersion: tls.VersionTLS12,
 PreferServerCipherSuites: true,
 CipherSuites: []uint16{
@@ -215,7 +215,7 @@ func NewHTTPServer(
 },
 }

- server.Server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
+ server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))

 server.listenAndServe = func() error {
 return server.ListenAndServeTLS(cfg.Server.CertFile, cfg.Server.CertKey)
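Review bot: Allowing `'unsafe-inline'` in `script-src` on the production Content-Security-Policy line means the policy no longer blocks injected inline scripts or event-handler attributes, which is the main XSS mitigation a CSP provides, and it applies to every response served through this router rather than only the editor view. If the editor only needs inline styles (not confirmed from this hunk), keep the relaxation on `style-src` alone: `"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'none';"`. If inline scripts are really required, a per-response nonce or a hash source is the narrower option, though that needs a middleware that builds the header per request instead of the static `middleware.SetHeader` value. Either way a comment such as `// 'unsafe-inline' is required by the Monaco editor; see #2200` above the line would record why the policy was loosened. The body of NewHTTPServer starts and ends outside the hunk.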