From cde0c386ced264f214bb4e58c9150d9062c45862 Mon Sep 17 00:00:00 2001
From: Liam Bigelow <40188355+bglw@users.noreply.github.com>
Date: Fri, 29 Jul 2022 10:01:19 +1200
Subject: [PATCH] Add another CSP note

---
 docs/content/docs/hosting.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/content/docs/hosting.md b/docs/content/docs/hosting.md
index be7ef0c1..4b152c1d 100644
--- a/docs/content/docs/hosting.md
+++ b/docs/content/docs/hosting.md
@@ -22,3 +22,5 @@ A [proposal exists](https://github.com/WebAssembly/content-security-policy/blob/
 
 > In the future, hopefully a `wasm-src` attribute / SRI hash validation will be supported in CSP, as proposed in [chrome#961485](https://bugs.chromium.org/p/chromium/issues/detail?id=961485), [chrome#945121](https://bugs.chromium.org/p/chromium/issues/detail?id=945121).  
 [Open an issue](https://github.com/CloudCannon/pagefind/issues) if this is now the case!
+
+If you're using the Pagefind UI snippet as documented you will also need `unsafe-inline`, but this could also be addressed by moving the Pagefind initialization into one of your existing javascript files.