From 8e8aae17b1c616b91510ae71c68a0f7ebbab2ef9 Mon Sep 17 00:00:00 2001
From: Baptiste Gelez <baptiste@gelez.xyz>
Date: Wed, 31 Oct 2018 14:56:17 +0100
Subject: [PATCH] Nginx docs: add 'unsafe-inline' to CSP header (to allow
 avatars to be loaded)

---
 docs/INSTALL.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index b3af4623..3d28db57 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -274,7 +274,7 @@ server {
 	add_header X-Frame-Options DENY;
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "1; mode=block";
-	add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self'; frame-src https:";
+	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https:";
 
     location ~*  \.(jpg|jpeg|png|gif|ico|js|pdf)$ {
         add_header Cache-Control "public";