Index: openacs-4/packages/richtext-xinha/tcl/richtext-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/richtext-xinha/tcl/richtext-procs.tcl,v
diff -u -r1.4.2.3 -r1.4.2.4
--- openacs-4/packages/richtext-xinha/tcl/richtext-procs.tcl	18 Feb 2022 10:16:24 -0000	1.4.2.3
+++ openacs-4/packages/richtext-xinha/tcl/richtext-procs.tcl	28 Feb 2022 13:55:08 -0000	1.4.2.4
@@ -225,11 +225,18 @@
         set prefix [dict get $resource_info prefix]
 
         if {[dict exists $resource_info cdnHost] && [dict get $resource_info cdnHost] ne ""} {
-            security::csp::require script-src [dict get $resource_info cdnHost]
-            security::csp::require style-src  [dict get $resource_info cdnHost]
-            security::csp::require img-src    [dict get $resource_info cdnHost]
+            security::csp::require connect-src [dict get $resource_info cdnHost]
+            security::csp::require script-src  [dict get $resource_info cdnHost]
+            security::csp::require style-src   [dict get $resource_info cdnHost]
+            security::csp::require img-src     [dict get $resource_info cdnHost]
         }
 
+        #
+        # Add required general directives for content security policies.
+        #
+        security::csp::require script-src 'unsafe-eval'
+        security::csp::require -force script-src 'unsafe-inline'
+
         template::add_body_script -src $prefix/XinhaEasy.js -script $conf
     }