<blockquote>
<blockquote>
<p dir="auto">inline styles are not allowed by our security policy in production</p>
</blockquote>
<p dir="auto">The <code class="notranslate">style-src 'self' 'unsafe-inline'</code> in the CSP header tells me a different story.</p>
</blockquote>
<p dir="auto">OK, so it is allowed for views with a map. I'm not sure why that is offhand, but our goal is to not have it, so we don't add new inline styles ourselves, but we sometimes have to allow it for third-party components.</p>