fix: admin CSP allow inline scripts

script-src 'self' 'unsafe-inline' added to admin Content-Security-Policy. default-src 'self' was blocking OverType editor init block and the dev live-reload poller. Admin section is auth-gated so unsafe-inline is acceptable.
2026-05-06 11:09:18 +02:00 · 2026-04-06 16:49:14 +02:00
parent e6960f0c9c
commit b45e6c50cc
4 changed files with 21 additions and 10 deletions
--- a/1
+++ b/1
@@ -70,7 +70,6 @@ deploy-nginx:
    @echo "Files uploaded. SSH into the server and run:"
    @echo ""
    @echo "  sudo bash /tmp/deploy-server.sh"
-    @echo "  sudo systemctl reload nginx"
    @echo ""

 [group('deploy')]