From b95847c395f304f7ea80fec00ef98958e4090f4a Mon Sep 17 00:00:00 2001
From: rash <rash@rash.codes>
Date: Tue, 17 Mar 2026 10:22:03 +0100
Subject: [PATCH] add missing quotes around 'unsafe-eval' cors value

---
 src/pretix/base/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 49b6f3faf8..8ef7dce2ad 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -283,7 +283,7 @@ class SecurityMiddleware(MiddlewareMixin):
             'script-src': ["{static}"] + (["http://localhost:5173", "ws://localhost:5173"] if settings.VITE_DEV_MODE else []),
             'object-src': ["'none'"],
             'frame-src': ['{static}'],
-            'style-src': ["{static}", "{media}"] + (["unsafe-inline"] if settings.VITE_DEV_MODE else []),
+            'style-src': ["{static}", "{media}"] + (["'unsafe-inline'"] if settings.VITE_DEV_MODE else []),
             'connect-src': ["{dynamic}", "{media}"] + (["http://localhost:5173", "ws://localhost:5173"] if settings.VITE_DEV_MODE else []),
             'img-src': ["{static}", "{media}", "data:"] + img_src,
             'font-src': ["{static}"] + list(font_src),