Add 'unsafe-hashes' with the htmx swap indicator style hash to the style-src CSP directive.

Without this, htmx swap transitions are blocked by CSP, which can prevent HX-Redirect from being processed on the SSO login flow.

Security:
- Uses 'unsafe-hashes' (not 'unsafe-inline') so only the specific htmx style hash is permitted, not arbitrary inline styles

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
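An added example, not code from this commit or project: a simplified model of how a browser evaluates a `style-src` list of the shape described in the commit message, useful for checking a policy in a unit test before deploying it. `SAMPLE_STYLE` is a constructed placeholder rather than the real htmx style text, the function names are hypothetical, and the model assumes CSP Level 3 matching with no `default-src` fallback and no `style-src-elem`/`style-src-attr` handling.

```python
import base64
import hashlib

# Constructed placeholder; NOT the real htmx indicator style text.
SAMPLE_STYLE = ".example-indicator{opacity:0}"

def csp_hash(inline_text, alg="sha256"):
    """Hash-source token for the exact inline text (whitespace matters)."""
    digest = hashlib.new(alg, inline_text.encode("utf-8")).digest()
    return "'%s-%s'" % (alg, base64.b64encode(digest).decode("ascii"))

def style_sources(policy):
    """Source list of the style-src directive in a CSP header value."""
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == "style-src":
            return tokens[1:]
    return []  # simplification: no default-src fallback

def inline_style_allowed(policy, inline_text, is_attribute):
    """Simplified CSP Level 3 decision for one inline style.

    is_attribute=False: body of a <style> element.
    is_attribute=True:  value of a style="..." attribute.
    """
    sources = style_sources(policy)
    keywords = {s.lower() for s in sources}
    unsafe_hashes = "'unsafe-hashes'" in keywords
    has_nonce = any(k.startswith("'nonce-") for k in keywords)
    has_hash = any(k.startswith(("'sha256-", "'sha384-", "'sha512-"))
                   for k in keywords)
    # A nonce or an applicable hash makes browsers ignore 'unsafe-inline'.
    hash_applies = has_hash and (not is_attribute or unsafe_hashes)
    if "'unsafe-inline'" in keywords and not has_nonce and not hash_applies:
        return True
    # Hashes cover style attributes only when 'unsafe-hashes' is present.
    if is_attribute and not unsafe_hashes:
        return False
    return any(csp_hash(inline_text, alg) in sources
               for alg in ("sha256", "sha384", "sha512"))

def build_policy(inline_text):
    """Policy in the shape the commit message describes."""
    return ("default-src 'self'; style-src 'self' 'unsafe-hashes' "
            + csp_hash(inline_text))
```

The hash covers the exact bytes of the inline text, so a library upgrade that changes the style by even one character needs a new hash in the policy.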