From 2b8da39bcf8b74965a55e91c07cf905d866b932b Mon Sep 17 00:00:00 2001
From: "Siddharth Gelera (reaper)" <ahoy@barelyhuman.dev>
Date: Wed, 3 Dec 2025 19:57:10 +0530
Subject: [PATCH] fix: update content security policy to allow inline scripts
 (#6139)

---
 packages/bruno-electron/src/index.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/bruno-electron/src/index.js b/packages/bruno-electron/src/index.js
index 5b891ec0e..b28ad6e57 100644
--- a/packages/bruno-electron/src/index.js
+++ b/packages/bruno-electron/src/index.js
@@ -60,6 +60,7 @@ const contentSecurityPolicy = [
   "connect-src 'self' https://*.posthog.com",
   "font-src 'self' https: data:;",
   "frame-src data:",
+  'script-src \'self\' \'unsafe-inline\' data:',
   // this has been commented out to make oauth2 work
   // "form-action 'none'",
   // we make an exception and allow http for images so that