From 8a23a849da921585f51bd30903e1269d0cc24aea Mon Sep 17 00:00:00 2001
From: grabowski
Date: Fri, 17 Apr 2026 14:32:12 +0700
Subject: [PATCH] Fix CSP: allow unsafe-inline scripts for SvelteKit hydration

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 src/hooks.server.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 185235e..b2997bc 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -34,7 +34,7 @@ export const handle: Handle = async ({ event, resolve }) => {
 response.headers.set(
 'Content-Security-Policy',
- "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'"
+ "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'"
 );
 response.headers.set('X-Content-Type-Options', 'nosniff');
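Review bot: Adding `'unsafe-inline'` to `script-src` on the new policy line removes most of the XSS protection this header provides, because any injected inline `<script>` or event-handler attribute will now execute. SvelteKit can emit a per-response nonce or hash for its own hydration script, so the inline bootstrap can be allowed without opening the policy to all inline code. That means moving the policy into `svelte.config.js`, for example `kit: { csp: { mode: 'auto', directives: { 'script-src': ['self'] } } }`, with the remaining directives listed there as well. The hand-written `response.headers.set('Content-Security-Policy', …)` call would then need to be dropped, since it presumably overwrites the header the framework generates. The `handle` function starts and ends outside this hunk, so confirm that nothing else in it rewrites the header.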