From 7a87911a1775d46c45ff40196928eb3f3771a36a Mon Sep 17 00:00:00 2001
From: Bruno Quaresma
Date: Thu, 8 Dec 2022 18:18:27 +0000
Subject: [PATCH 1/2] fix: Fix CSP for monaco editor scripts
---
 site/site.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/site/site.go b/site/site.go
index 1d0d65abcf108..bcf1977f2f5b9 100644
--- a/site/site.go
+++ b/site/site.go
@@ -266,9 +266,11 @@ func cspHeaders(next http.Handler) http.Handler {
 CSPDirectiveDefaultSrc: {"'self'"},
 CSPDirectiveConnectSrc: {"'self'"},
 CSPDirectiveChildSrc: {"'self'"},
- CSPDirectiveScriptSrc: {"'self'"},
- CSPDirectiveFontSrc: {"'self'"},
- CSPDirectiveStyleSrc: {"'self' 'unsafe-inline'"},
+ // https://cdn.jsdelivr.net is used by monaco editor on FE for Syntax Highlight
+ CSPDirectiveScriptSrc: {"'self' https://cdn.jsdelivr.net"},
+ // data: is used by monaco editor on FE for Syntax Highlight
+ CSPDirectiveFontSrc: {"'self' data:"},
+ CSPDirectiveStyleSrc: {"'self' 'unsafe-inline'"},
 // object-src is needed to support code-server
 CSPDirectiveObjectSrc: {"'self'"},
 // blob: for loading the pwa manifest for code-server
From 25304ea5776457b8c5b326ad3f7cbb856cab7906 Mon Sep 17 00:00:00 2001
From: Bruno Quaresma
Date: Thu, 8 Dec 2022 18:22:34 +0000
Subject: [PATCH 2/2] Add more context
---
 site/site.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/site/site.go b/site/site.go
index bcf1977f2f5b9..924b88f195e39 100644
--- a/site/site.go
+++ b/site/site.go
@@ -267,6 +267,7 @@ func cspHeaders(next http.Handler) http.Handler {
 CSPDirectiveConnectSrc: {"'self'"},
 CSPDirectiveChildSrc: {"'self'"},
 // https://cdn.jsdelivr.net is used by monaco editor on FE for Syntax Highlight
+ // https://github.com/suren-atoyan/monaco-react/issues/168
 CSPDirectiveScriptSrc: {"'self' https://cdn.jsdelivr.net"},
 // data: is used by monaco editor on FE for Syntax Highlight
 CSPDirectiveFontSrc: {"'self' data:"},
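Review bot: The new `CSPDirectiveScriptSrc` value in the first patch allowlists the entire `https://cdn.jsdelivr.net` origin, which serves content from any published npm package or GitHub repository, so script-src no longer contains a markup-injection bug elsewhere in the site the way `'self'` alone did. If the CDN has to stay, the source can be narrowed to the editor's path, e.g. `CSPDirectiveScriptSrc: {"'self' https://cdn.jsdelivr.net/npm/monaco-editor@<PINNED_VERSION>/"},` (placeholder version; note that CSP path matching is not enforced across redirects), and the comment above it should state that the entry weakens script-src and why it is accepted. Serving the monaco assets from the site itself would presumably let the directive stay at `'self'`. The body of cspHeaders starts and ends outside both hunks, so how these values are joined into the header is not visible here.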