Add 'unsafe-hashes' with the htmx swap indicator style hash to the
style-src CSP directive. Without this, htmx swap transitions are
blocked by CSP, which can prevent HX-Redirect from being processed
on the SSO login flow.
Security:
- Uses 'unsafe-hashes' (not 'unsafe-inline') so only the specific
htmx style hash is permitted, not arbitrary inline styles
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Kyle Isom
4430ce38a4