From 4c119e313a6c1ab74da9c81daad7173a6608553b Mon Sep 17 00:00:00 2001
From: Diwakar <diwakar.s.maurya@gmail.com>
Date: Sun, 1 Dec 2024 11:04:51 +0700
Subject: [PATCH 1/2] Update env-configuration.md

Update docs as per https://github.com/open-webui/open-webui/pull/7493
---
 docs/getting-started/advanced-topics/env-configuration.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/getting-started/advanced-topics/env-configuration.md b/docs/getting-started/advanced-topics/env-configuration.md
index 82f0537..d2878cd 100644
--- a/docs/getting-started/advanced-topics/env-configuration.md
+++ b/docs/getting-started/advanced-topics/env-configuration.md
@@ -345,6 +345,12 @@ requests initiated by third-party websites, but only over HTTPS.
 - Default: `False`
 - Description: Sets the `Secure` attribute for session cookies if set to `True`.
 
+#### `CONTENT_SECURITY_POLICY`
+
+- Type: `str`
+- Description: Sets the `content-security-policy` HTTP header
+- Example: `default-src 'self' 'unsafe-inline'; img-src 'self' https://* data:; child-src 'none'; font-src 'self' data:;`
+
 #### `AIOHTTP_CLIENT_TIMEOUT`
 
 - Type: `int`

From 9197ac05bd1b815b0a854e9a2517e296eb17ec4a Mon Sep 17 00:00:00 2001
From: Diwakar <diwakar.s.maurya@gmail.com>
Date: Sun, 1 Dec 2024 17:30:47 +0700
Subject: [PATCH 2/2] Update example value

---
 docs/getting-started/advanced-topics/env-configuration.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/getting-started/advanced-topics/env-configuration.md b/docs/getting-started/advanced-topics/env-configuration.md
index d2878cd..3cfba32 100644
--- a/docs/getting-started/advanced-topics/env-configuration.md
+++ b/docs/getting-started/advanced-topics/env-configuration.md
@@ -349,7 +349,7 @@ requests initiated by third-party websites, but only over HTTPS.
 
 - Type: `str`
 - Description: Sets the `content-security-policy` HTTP header
-- Example: `default-src 'self' 'unsafe-inline'; img-src 'self' https://* data:; child-src 'none'; font-src 'self' data:;`
+- Example: `default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; child-src 'none'; font-src 'self' data:; worker-src 'self';`
 
 #### `AIOHTTP_CLIENT_TIMEOUT`