From e6588ccf5a6168c5f8a391a74293c83be552fbc4 Mon Sep 17 00:00:00 2001
From: Stephen Hulme <sh51@sanger.ac.uk>
Date: Tue, 21 Apr 2026 09:46:51 +0100
Subject: [PATCH] fix: allow blobs of javascript (legacy scripts in SS)

---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 1a4c755430..d1962721aa 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -15,7 +15,7 @@
   policy.script_src *policy.script_src, :unsafe_eval, "http://#{ ViteRuby.config.host_with_port }" if Rails.env.development?
 
   # You may need to enable this in production as well depending on your setup.
-  policy.script_src *policy.script_src, :blob if Rails.env.test?
+  policy.script_src *policy.script_src, :blob
 
 #     policy.style_src   :self, :https
   # Allow @vite/client to hot reload style changes in development