From 571552b861af0d7985bdc9e60bcedb078ed41c94 Mon Sep 17 00:00:00 2001
From: Piotr Sarnacki
Date: Wed, 4 Feb 2015 17:23:58 +0100
Subject: [PATCH] Don't allow unsafe inline scripts
---
 config/environment.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/environment.js b/config/environment.js
index 47259a50..61f9dbb2 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -87,7 +87,7 @@ module.exports = function(environment) {
 'default-src': "'none'",
 // TODO: for some reason unsafe-eval is needed when I use collection helper,
 // we should probably remove it at some point
- 'script-src': "'self' 'unsafe-eval' 'unsafe-inline'",
+ 'script-src': "'self' 'unsafe-eval'",
 'font-src': "'self'",
 'connect-src': "'self' https://api.travis-ci.org ws://ws.pusherapp.com wss://ws.pusherapp.com http://sockjs.pusher.com",
 'img-src': "'self' data: https://www.gravatar.com http://www.gravatar.com",
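Review bot: The new `'script-src': "'self' 'unsafe-eval'"` line still lets eval() and new Function() run, so the policy does not stop an injected string that reaches one of those sinks; the TODO above it covers this but names no owner or issue. With `'unsafe-inline'` gone, any inline `<script>` block or inline event handler left in the app's HTML will be refused by the browser, and this hunk does not show whether any remain, so the index page and any add-on injected snippets should be checked. I would add a comment above the line so the keyword is not restored later: `// 'unsafe-inline' removed on purpose; allow a required inline script by hash or nonce instead`. The config object starts and ends outside the hunk, so whether the policy is enforced or only reported cannot be confirmed from here.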