From 34ee5281aecf2d639f781886313e93771e7bdb71 Mon Sep 17 00:00:00 2001
From: Luiz Ricardo Rodrigues
Date: Thu, 4 Aug 2022 23:38:38 -0300
Subject: [PATCH] Revert "remove unsafe-inline csp for veterans"

---
 .circleci/config.yml | 4 ++--
 src/server/index.js | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 82a9a2c2f3..1fd67a395d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -355,8 +355,8 @@ workflows:
 context : org-global
 filters:
 branches:
- only:
- - free
+ only:
+ - tco23
 # This is alternate dev env for parallel testing
 - "build-qa":
 context : org-global
diff --git a/src/server/index.js b/src/server/index.js
index 57a60b6d97..70590aa8b8 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -138,11 +138,10 @@ async function onExpressJsSetup(server) {
 res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
 if (req.url.startsWith('/__community__/veterans') || req.hostname === 'veterans.topcoder.com' || req.url.startsWith('/__community__/tco') || tcoPattern.test(req.hostname)) {
- res.header('Cache-Control', 'no-cache');
 res.header(
 'Content-Security-Policy',
 "default-src 'self';"
- + " script-src 'report-sample' 'self'"
+ + " script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'"
 + ` ${config.CDN.PUBLIC}`
 + ' http://www.google-analytics.com'
 + ' https://www.google-analytics.com'