From 72fafc5b4fc9fa9365fe43272aeee226e3d01f62 Mon Sep 17 00:00:00 2001
From: Al McKinlay <alistair@10people.co.uk>
Date: Tue, 30 Jan 2018 09:23:34 +0000
Subject: [PATCH] Allow https css

Fixed #2012
---
 src/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server.js b/src/server.js
index 09382047..1ed734d0 100644
--- a/src/server.js
+++ b/src/server.js
@@ -228,7 +228,7 @@ function index(req, res, next) {
 		"default-src 'none'", // default to nothing
 		"form-action 'none'", // no default-src fallback
 		"connect-src 'self' ws: wss:", // allow self for polling; websockets
-		"style-src 'self' 'unsafe-inline'", // allow inline due to use in irc hex colors
+		"style-src 'self' https: 'unsafe-inline'", // allow inline due to use in irc hex colors
 		"script-src 'self'", // javascript
 		"worker-src 'self'", // service worker
 		"child-src 'self'", // deprecated fall back for workers, Firefox <58, see #1902