From 4561b7dce23cde8a6ee215a97c0b6acf4fea4d46 Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Wed, 10 May 2017 15:02:28 +0200
Subject: [PATCH] Try to fix PDF display problems in Safari

---
 src/pretix/control/views/event.py | 4 ++--
 src/pretix/presale/views/order.py | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/pretix/control/views/event.py b/src/pretix/control/views/event.py
index dd22c9623..c85e1ddb7 100644
--- a/src/pretix/control/views/event.py
+++ b/src/pretix/control/views/event.py
@@ -316,7 +316,7 @@ class InvoicePreview(EventPermissionRequiredMixin, View):
     def get(self, request, *args, **kwargs):
         pdf = build_preview_invoice_pdf(request.event)
         resp = HttpResponse(pdf, content_type='application/pdf')
-        resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; object-src 'self'"
+        resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; script-src 'unsafe-inline'; object-src 'self'"
         resp['Content-Disposition'] = 'inline; filename="invoice-preview.pdf"'
         return resp
 
@@ -529,7 +529,7 @@ class TicketSettingsPreview(EventPermissionRequiredMixin, View):
         resp = HttpResponse(data, content_type=mimet)
         ftype = fname.split(".")[-1]
         if mimet == "application/pdf":
-            resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; object-src 'self'"
+            resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; script-src 'unsafe-inline'; object-src 'self'"
             resp['Content-Disposition'] = 'inline; filename="ticket-preview.{}"'.format(ftype)
         else:
             resp['Content-Disposition'] = 'attachment; filename="ticket-preview.{}"'.format(ftype)
diff --git a/src/pretix/presale/views/order.py b/src/pretix/presale/views/order.py
index 2b29c31ba..80011b30f 100644
--- a/src/pretix/presale/views/order.py
+++ b/src/pretix/presale/views/order.py
@@ -581,7 +581,7 @@ class OrderDownload(EventViewMixin, OrderDetailMixin, View):
         else:
             resp = FileResponse(ct.file.file, content_type=ct.type)
             if ct.type == "application/pdf":
-                resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; object-src 'self'"
+                resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; script-src 'unsafe-inline'; object-src 'self'"
                 resp['Content-Disposition'] = 'inline; filename="{}-{}-{}{}"'.format(
                     self.request.event.slug.upper(), self.order.code, self.output.identifier, ct.extension
                 )
@@ -620,7 +620,7 @@ class OrderDownload(EventViewMixin, OrderDetailMixin, View):
         else:
             resp = FileResponse(ct.file.file, content_type=ct.type)
             if ct.type == "application/pdf":
-                resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; object-src 'self'"
+                resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; script-src 'unsafe-inline'; object-src 'self'"
                 resp['Content-Disposition'] = 'inline; filename="{}-{}-{}-{}{}"'.format(
                     self.request.event.slug.upper(), self.order.code, self.order_position.positionid,
                     self.output.identifier, ct.extension
@@ -659,6 +659,6 @@ class InvoiceDownload(EventViewMixin, OrderDetailMixin, View):
             return redirect(self.get_order_url())
 
         resp = FileResponse(invoice.file.file, content_type='application/pdf')
-        resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; object-src 'self'"
+        resp['Content-Security-Policy'] = "style-src 'unsafe-inline'; script-src 'unsafe-inline'; object-src 'self'"
         resp['Content-Disposition'] = 'inline; filename="{}.pdf"'.format(invoice.number)
         return resp