From 6e591b0d52791d11729b5f73665940808909af10 Mon Sep 17 00:00:00 2001
From: tophf
Date: Fri, 30 Jul 2021 15:45:27 +0300
Subject: [PATCH] patchCSP option: allow `@import` from any URL (#1297)
---
 background/style-via-webrequest.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/background/style-via-webrequest.js b/background/style-via-webrequest.js
index 6099e547..4913fd28 100644
--- a/background/style-via-webrequest.js
+++ b/background/style-via-webrequest.js
@@ -112,8 +112,8 @@
 // Allow style assets
 patchCspSrc(src, 'img-src', 'data:', '*');
 patchCspSrc(src, 'font-src', 'data:', '*');
-// Allow our DOM styles
-patchCspSrc(src, 'style-src', "'unsafe-inline'");
+// Allow our DOM styles, allow @import from any URL
+patchCspSrc(src, 'style-src', "'unsafe-inline'", '*');
 // Allow our XHR cookies in CSP sandbox (known case: raw github urls)
 if (src.sandbox && !src.sandbox.includes('allow-same-origin')) {
 src.sandbox.push('allow-same-origin');
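Review bot: The `'*'` added to `style-src` rewrites the page's own policy, so on every site where patchCSP is active the site's restriction on stylesheet origins is dropped for all CSS on the page, not only for the extension's `@import`s. The comment on the new line should record that trade-off, for example `// Allow our DOM styles; '*' lets @import load from any URL but also lifts the site's own style-src origin allowlist`. Note also that a CSP `*` matches only network schemes, so an `@import` of a `data:` URL stays blocked unless `'data:'` is passed as it is on the `img-src` and `font-src` lines above. If imports over plain HTTP are not needed, `'https:'` would be a narrower source than `'*'`. The enclosing function and `patchCspSrc` itself are outside the hunk, so how an absent `style-src` directive is handled cannot be checked here.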