From 429e81ad4e1b29b70c7b33c7b88924524c346358 Mon Sep 17 00:00:00 2001
From: rajsite <rajsite@users.noreply.github.com>
Date: Sun, 3 Mar 2024 16:48:32 -0600
Subject: [PATCH] Loosen for workers

---
 angular-workspace/projects/example-client-app/karma.conf.js | 6 ++++--
 angular-workspace/projects/ni/nimble-angular/karma.conf.js  | 6 ++++--
 packages/jasmine-parameterized/karma.conf.cjs               | 6 ++++--
 packages/nimble-components/karma.conf.js                    | 6 ++++--
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/angular-workspace/projects/example-client-app/karma.conf.js b/angular-workspace/projects/example-client-app/karma.conf.js
index 6a5488068d..29aa8aae7b 100644
--- a/angular-workspace/projects/example-client-app/karma.conf.js
+++ b/angular-workspace/projects/example-client-app/karma.conf.js
@@ -46,11 +46,13 @@ module.exports = function (config) {
     customHeaders: [
       // Add a Content-Security-Policy header for the tests
       // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
-      // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+      // Need script-src 'unsafe-inline' to support karma behavior
+      // See https://github.com/karma-runner/karma/issues/3260
+      // Need worker-src blob: to support current worker loading pattern
       {
           match: '\\.html',
           name: 'Content-Security-Policy',
-          value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+          value: "script-src 'self' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: ;"
       }
   ]
   });
diff --git a/angular-workspace/projects/ni/nimble-angular/karma.conf.js b/angular-workspace/projects/ni/nimble-angular/karma.conf.js
index 1b211f44da..dd29e39e70 100644
--- a/angular-workspace/projects/ni/nimble-angular/karma.conf.js
+++ b/angular-workspace/projects/ni/nimble-angular/karma.conf.js
@@ -52,11 +52,13 @@ module.exports = config => {
         customHeaders: [
             // Add a Content-Security-Policy header for the tests
             // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
-            // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+            // Need script-src 'unsafe-inline' to support karma behavior
+            // See https://github.com/karma-runner/karma/issues/3260
+            // Need worker-src blob: to support current worker loading pattern
             {
                 match: '\\.html',
                 name: 'Content-Security-Policy',
-                value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+                value: "script-src 'self' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: ;"
             }
         ]
     });
diff --git a/packages/jasmine-parameterized/karma.conf.cjs b/packages/jasmine-parameterized/karma.conf.cjs
index e39b732a9f..74631f1f01 100644
--- a/packages/jasmine-parameterized/karma.conf.cjs
+++ b/packages/jasmine-parameterized/karma.conf.cjs
@@ -62,11 +62,13 @@ module.exports = config => {
         customHeaders: [
             // Add a Content-Security-Policy header for the tests
             // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
-            // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+            // Need script-src 'unsafe-inline' to support karma behavior
+            // See https://github.com/karma-runner/karma/issues/3260
+            // Need worker-src blob: to support current worker loading pattern
             {
                 match: '\\.html',
                 name: 'Content-Security-Policy',
-                value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+                value: "script-src 'self' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: ;"
             }
         ]
     };
diff --git a/packages/nimble-components/karma.conf.js b/packages/nimble-components/karma.conf.js
index 6f9742eb61..20fbecb42a 100644
--- a/packages/nimble-components/karma.conf.js
+++ b/packages/nimble-components/karma.conf.js
@@ -151,11 +151,13 @@ module.exports = config => {
         customHeaders: [
             // Add a Content-Security-Policy header for the tests
             // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
-            // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+            // Need script-src 'unsafe-inline' to support karma behavior
+            // See https://github.com/karma-runner/karma/issues/3260
+            // Need worker-src blob: to support current worker loading pattern
             {
                 match: '\\.html',
                 name: 'Content-Security-Policy',
-                value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+                value: "script-src 'self' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob: ;"
             }
         ]
     };