From 1912e4611363f8b7594f51d5945ff7a6c30c4c04 Mon Sep 17 00:00:00 2001
From: James Cole
Date: Fri, 9 Apr 2021 06:05:27 +0200
Subject: [PATCH] Remove strict CSP header for #4622
---
 app/Http/Middleware/SecureHeaders.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index e80efdc003..adfb242a44 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -53,8 +53,6 @@ class SecureHeaders
 $csp = [
 "default-src 'none'",
 "object-src 'none'",
- "require-trusted-types-for 'script'",
- //sprintf("script-src 'unsafe-inline' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
 sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
 "style-src 'unsafe-inline' 'self'",
 "base-uri 'self'",