From bf2862888f4465c2533c3af8104e3cb7d3c2713f Mon Sep 17 00:00:00 2001
From: Martin Stone <martin@d7415.co.uk>
Date: Mon, 22 May 2023 09:22:17 +0100
Subject: [PATCH] Remove duplicate link. Tweak comment

---
 app/Providers/AppServiceProvider.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index b4642c7fd3..fe8b1b6ce7 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -115,12 +115,11 @@ public function boot()
 		 */
 		LogViewer::auth(function ($request) {
 			// We must disable unsafe-eval because vue3 used by log-viewer requires it.
-			// We must disable unsafe-inline because log-viewer uses inline script with parameter to boot.
+			// We must disable unsafe-inline (and hashes) because log-viewer uses inline script with parameter to boot.
 			// Those parameters are not know by Lychee if someone modifies the config.
 			// We only do that in that specific case. It is disabled by default otherwise.
 			config(['secure-headers.csp.script-src.unsafe-eval' => true]);
 			config(['secure-headers.csp.script-src.unsafe-inline' => true]);
-			config(['secure-headers.csp.script-src.unsafe-inline' => true]);
 			config(['secure-headers.csp.script-src.hashes.sha256' => []]);
 
 			// Allow to bypass when debug is ON and when env is dev