From 7a91e40bb36743115a7242e294328dada7610a35 Mon Sep 17 00:00:00 2001
From: Codex Agent
Date: Sat, 24 Jan 2026 21:02:33 +0100
Subject: [PATCH] Allow inline style elements for event-admin CSP
---
 app/Http/Middleware/ContentSecurityPolicy.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/Http/Middleware/ContentSecurityPolicy.php b/app/Http/Middleware/ContentSecurityPolicy.php
index 8009ef5..787d2ad 100644
--- a/app/Http/Middleware/ContentSecurityPolicy.php
+++ b/app/Http/Middleware/ContentSecurityPolicy.php
@@ -33,6 +33,8 @@ class ContentSecurityPolicy
 return $response;
 }
+ $allowUnsafeInlineStyles = $request->is('event-admin*');
+
 $matomoOrigin = $this->normaliseOrigin(config('services.matomo.url'));
 $scriptSources = [
 "'self'",
@@ -46,6 +48,9 @@ class ContentSecurityPolicy
 "'nonce-{$styleNonce}'",
 'https:',
 ];
+ if ($allowUnsafeInlineStyles) {
+ $styleSources[] = "'unsafe-inline'";
+ }
 $connectSources = [
 "'self'",
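Review bot: The pattern `'event-admin*'` in the added `$request->is()` call matches every path that merely begins with that string, so a sibling route (hypothetically `event-admin-export` or `event-administrators`) would receive the relaxed style policy as well. Scoping it to the area itself keeps the exception as small as the commit title implies: `$allowUnsafeInlineStyles = $request->is('event-admin', 'event-admin/*');`. A short comment above the line saying which event-admin component needs inline styles would also help whoever later tries to remove the exception. The enclosing method starts and ends outside this hunk.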
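Review bot: `'unsafe-inline'` is appended to a `$styleSources` list that already contains `'nonce-{$styleNonce}'`, and browsers implementing CSP Level 2 or later ignore `'unsafe-inline'` in a source list that carries a nonce or hash, so this branch will most likely not unblock the inline style elements it targets. This assumes the list is emitted as `style-src`; the directive assembly is outside the hunk. The safer fix is to leave the policy unchanged and give the event-admin `<style>` elements the existing nonce. If that is not possible, the nonce would have to be left out of the list for this path, which removes the nonce protection on those pages, so it should be an explicit, documented decision. The branch should at least say so, for example `// NOTE: ignored by CSP2+ browsers while a nonce is in the list; prefer nonce-tagging the event-admin <style> elements`.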