From 225a5c3cf3734fe6c4ff82f907bcc91aaae4c0fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Fri, 13 Nov 2015 03:02:35 +0100
Subject: [PATCH] Update the NWebSec options to support local scripts

---
 src/OpenIddict.Mvc/OpenIddictExtensions.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/OpenIddict.Mvc/OpenIddictExtensions.cs b/src/OpenIddict.Mvc/OpenIddictExtensions.cs
index f220a6ba..0daf262d 100644
--- a/src/OpenIddict.Mvc/OpenIddictExtensions.cs
+++ b/src/OpenIddict.Mvc/OpenIddictExtensions.cs
@@ -30,7 +30,7 @@ namespace Microsoft.AspNet.Builder {
                 // See https://nwebsec.codeplex.com/wikipage?title=Configuring%20Content%20Security%20Policy&referringTitle=NWebsec
                 owin.UseCsp(options => options.DefaultSources(directive => directive.Self())
                                               .ImageSources(directive => directive.Self().CustomSources("*"))
-                                              .ScriptSources(directive => directive.UnsafeInline())
+                                              .ScriptSources(directive => directive.Self().UnsafeInline())
                                               .StyleSources(directive => directive.Self().UnsafeInline()));
 
                 // Insert a new middleware responsible of setting the X-Content-Type-Options header.