From 339bdddc384aa655fa186dc36e02cc587487d4af Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 25 Jun 2020 11:00:33 -0700
Subject: [PATCH] Fix for Vue js not loading due to CSP :(
---
 app/Http/Middleware/SecurityHeaders.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
index a7fd059eaa85..46f95d383625 100644
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -87,7 +87,7 @@ public function handle($request, Closure $next)
 }
- // This defaults to false to maintain backwards compatibility
+ // This defaults to false to maintain backwards compatibility for
 // people who are not running Snipe-IT over TLS (shame, shame, shame!)
 // Seriously though, please run Snipe-IT over TLS. Let's Encrypt is free.
 // https://letsencrypt.org
@@ -102,7 +102,7 @@ public function handle($request, Closure $next)
 if ((config('app.debug')!='true') || (config('app.enable_csp')=='true')) {
 $csp_policy[] = "default-src 'self'";
 $csp_policy[] = "style-src 'self' 'unsafe-inline'";
- $csp_policy[] = "script-src 'self' 'unsafe-inline'";
+ $csp_policy[] = "script-src 'self' 'unsafe-inline' 'unsafe-eval'";
 $csp_policy[] = "connect-src 'self'";
 $csp_policy[] = "object-src 'none'";
 $csp_policy[] = "font-src 'self' data:";
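Review bot: The new `script-src` line in the second hunk now allows both `'unsafe-inline'` and `'unsafe-eval'`, so the policy no longer restricts inline script or string-to-code evaluation (`eval`, `new Function`) and gives little protection against script injection on every page, not only the ones that use Vue. The commit title suggests the cause is Vue's in-browser template compiler, which relies on `new Function`; if that is the case, shipping precompiled templates with the runtime-only build would let the directive stay at `script-src 'self' 'unsafe-inline'`. If the relaxation has to stay for now, record the reason next to it, for example `// 'unsafe-eval' is needed only by Vue's runtime template compiler; remove once templates are precompiled`. `handle()` begins and ends outside the hunk, so how `$csp_policy` is assembled into the response header is not visible here.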