From dfdbace298315dd2fe77582b8d96fa6a83f14c77 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Sat, 25 Aug 2018 07:55:47 +0200
Subject: [PATCH] Add secure headers middleware.
---
 app/Http/Middleware/SecureHeaders.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index 0069b6f7d1..032e8c9591 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -47,7 +47,7 @@ class SecureHeaders
 $response = $next($request);
 $response->header('X-Frame-Options', 'deny');
- //$response->header('Content-Security-Policy', "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline';base-uri 'self';form-action 'self';font-src 'self';connect-src 'self';img-src 'self'");
+ $response->header('Content-Security-Policy', "default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline';base-uri 'self';form-action 'self';font-src 'self';connect-src 'self';img-src 'self'");
 return $response;
 }
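Review bot: The policy enabled on the new `Content-Security-Policy` line allows both `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, so injected inline script and string-to-code evaluation are still permitted and the header adds little protection against XSS. If the front end can work without them, the directive should become `script-src 'self' 'nonce-<per-request-nonce>' https://www.google-analytics.com/analytics.js;`, with the nonce generated per response and emitted on the application's own script tags (placeholder shown; the templates are not visible here). If the keywords must stay for now, add a comment above the line recording why, e.g. `// TODO: 'unsafe-eval' needed by <library>; drop once replaced`, so the exception is not forgotten. The enclosing method begins above the hunk, so any headers set earlier in it cannot be checked from here.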