From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 26027 invoked from network); 26 Aug 2020 16:11:20 -0000
Received: from krantz.zx2c4.com (192.95.5.69)
  by inbox.vuxu.org with ESMTPUTF8; 26 Aug 2020 16:11:20 -0000
Received: 
	by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 1d8714f3;
	Wed, 26 Aug 2020 15:44:05 +0000 (UTC)
Return-Path: <konstantin@linuxfoundation.org>
Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com
 [2607:f8b0:4864:20::734])
 by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTPS id 4e66e996
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <cgit@lists.zx2c4.com>;
 Wed, 26 Aug 2020 15:44:04 +0000 (UTC)
Received: by mail-qk1-x734.google.com with SMTP id o64so2360223qkb.10
 for <cgit@lists.zx2c4.com>; Wed, 26 Aug 2020 09:11:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=linuxfoundation.org; s=google;
 h=date:from:to:cc:subject:message-id:mail-followup-to:references
 :mime-version:content-disposition:in-reply-to;
 bh=frHeISA85BaSBFNyhAKUCM7VRbL1Il4hrbx9dPY1OWo=;
 b=XuV4PwbpSEiDrloFrtqd7uoLt3wGC64tWMYY/9kU4fr0gvcOlnFnOcefpF7h1hsKPl
 W/1fxOyAc3pTExzwB6+ApvSYcjYiBuAD+F9ZsjNWFM2yRqo/9tBRXXp9csDEqjKb6Pgp
 fs+K5UrXdnWwxJXYA2DXbfL4DNX5rRfUugGl4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id
 :mail-followup-to:references:mime-version:content-disposition
 :in-reply-to;
 bh=frHeISA85BaSBFNyhAKUCM7VRbL1Il4hrbx9dPY1OWo=;
 b=E0tngVBaWu9xScv5TyNXlcOio6VotAWsePL0rEr5rPBUmVXMnQeKdYLn/RywuZTUqV
 GmZGUWz82d5kZNbJA2COOOKiakq6WD4fkjK4oTFa+DacwsS3Paot7FTxOu9SjXJD3Ygq
 wFmPlBUoOLKxYIURDy0WGHB/8xIbLooAH5MaY5c9CuI9Rologsva17XNuOovMQL57yH5
 sOK41r5SyNCGa5SqaOYt234poKukGrBRcYYMVpOg7F3kW/TTD21esf3SpBapiKexZ7Vh
 Ddsfrr8PxIm/QwHAsdQnu/bJ9ICy35hFFD2gwzfuaanrsXe6wb1LKfsUYmjTkevPoRCm
 JvOQ==
X-Gm-Message-State: AOAM532bKABb1ITsbSlCIGCjsIe3r4Lcs+s0Xp8kehGLEGmNGtWolnp+
 yFSqb8dAvnxYny5vRWKaiBoiHvNXr6KxkBru
X-Google-Smtp-Source: ABdhPJyK0k4A7gaCeOsAe0RUny/qprDa0GpWUCQ2gYoUdBYWGF1P57SRCXxtK7H0kQ4VHGx0Gn6arg==
X-Received: by 2002:a37:cc5:: with SMTP id 188mr14221707qkm.195.1598458277392; 
 Wed, 26 Aug 2020 09:11:17 -0700 (PDT)
Return-Path: <konstantin@linuxfoundation.org>
Received: from chatter.i7.local ([89.36.78.230])
 by smtp.gmail.com with ESMTPSA id y46sm2401962qth.78.2020.08.26.09.11.16
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 26 Aug 2020 09:11:16 -0700 (PDT)
Date: Wed, 26 Aug 2020 12:11:14 -0400
From: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
To: Mateja Maric <mail@matejamaric.com>
Cc: cgit@lists.zx2c4.com
Subject: Re: Syntax highlighting issue
Message-ID: <20200826161114.p5acwu6ttjhxf6qq@chatter.i7.local>
Mail-Followup-To: Mateja Maric <mail@matejamaric.com>, cgit@lists.zx2c4.com
References: <12e76570-2455-37c7-2df1-fabb61206afc@matejamaric.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <12e76570-2455-37c7-2df1-fabb61206afc@matejamaric.com>
X-BeenThere: cgit@lists.zx2c4.com
X-Mailman-Version: 2.1.30rc1
Precedence: list
List-Id: List for cgit developers and users <cgit.lists.zx2c4.com>
List-Unsubscribe: <https://lists.zx2c4.com/mailman/options/cgit>,
 <mailto:cgit-request@lists.zx2c4.com?subject=unsubscribe>
List-Archive: <http://lists.zx2c4.com/pipermail/cgit/>
List-Post: <mailto:cgit@lists.zx2c4.com>
List-Help: <mailto:cgit-request@lists.zx2c4.com?subject=help>
List-Subscribe: <https://lists.zx2c4.com/mailman/listinfo/cgit>,
 <mailto:cgit-request@lists.zx2c4.com?subject=subscribe>
Errors-To: cgit-bounces@lists.zx2c4.com
Sender: "CGit" <cgit-bounces@lists.zx2c4.com>

On Wed, Aug 26, 2020 at 05:59:06PM +0200, Mateja Maric wrote:
> I use cgit on my server (https://git.matejamaric.com) and syntax
> highlighting doesn't work for some reason.
> 
> My config file is fine (I think) and python-pygments package is installed.
> 
> The weirdest thing is that when I view page source, styling and html span
> tags are there, but code is still not colored for some reason.

If you look at the dev console, you will see the reason:

Refused to apply inline style because it violates the following Content 
Security Policy directive: "default-src 'self'". Either the 
'unsafe-inline' keyword, a hash 
('sha256-icLlI0jX3/L5wqZp69+gNqGNNMcU6bh4T+qqxWv/2as='), or a nonce 
('nonce-...') is required to enable inline execution. Note also that 
'style-src' was not explicitly set, so 'default-src' is used as a 
fallback.

You need to change the Content-Security-Policy header to set style-src 
to allow inline styles. E.g. this is on git.kernel.org:

Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src https:

-K