diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index b4642c7fd3..fe8b1b6ce7 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -115,12 +115,11 @@ public function boot()
 */
 LogViewer::auth(function ($request) {
 // We must disable unsafe-eval because vue3 used by log-viewer requires it.
- // We must disable unsafe-inline because log-viewer uses inline script with parameter to boot.
+ // We must disable unsafe-inline (and hashes) because log-viewer uses inline script with parameter to boot.
 // Those parameters are not know by Lychee if someone modifies the config.
 // We only do that in that specific case. It is disabled by default otherwise.
 config(['secure-headers.csp.script-src.unsafe-eval' => true]);
 config(['secure-headers.csp.script-src.unsafe-inline' => true]);
- config(['secure-headers.csp.script-src.unsafe-inline' => true]);
 config(['secure-headers.csp.script-src.hashes.sha256' => []]);
 // Allow to bypass when debug is ON and when env is dev
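Review bot: The reworded comment on the added line still says "disable unsafe-inline (and hashes)", while the code under it sets `unsafe-eval` and `unsafe-inline` to `true` and empties `hashes.sha256`, so it relaxes the script-src policy rather than disabling anything. I would state that directly and give the reason the hashes have to go, e.g. `// Allow 'unsafe-inline' and clear the script hashes: browsers ignore 'unsafe-inline' once a hash or nonce is listed in script-src.` The three `config()` calls also run before the access decision that begins at the last context line, so the weaker policy appears to be set for requests that are then denied as well; the rest of the closure is outside the hunk, so this needs confirming there. If that is the case, a short comment saying the relaxation is intentionally unconditional would help the next reader.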