change our CSP to allow data: for connect-src, which is used by Shoelace to "load" icons

api/js/etemplate/Styles/shoelace.ts

@@ -14,26 +14,6 @@ registerIconLibrary('default', {
 	},
 });
 
-/**
- * Override some shoelace icons with EGroupware icons
- * In particular, the data: ones give errors with our CSP
- * hacky hack to temporarily work around until CSP issue is fixed
- *
- * @see https://my.egroupware.org/egw/index.php?menuaction=tracker.tracker_ui.edit&tr_id=68774
- */
-const egw_icons = {'chevron-down': 'arrow_down', 'x': 'close', 'x-circle-fill': 'close'}
-registerIconLibrary("system", {
-	resolver: (name) =>
-	{
-		if(egw_icons[name] && egw)
-		{
-			return `${egw.webserverUrl}/pixelegg/images/${egw_icons[name]}.svg`;
-		}
-		return "";
-	}
-});
-
-
 /**
  * Customise shoelace styles to match our stuff
  * External CSS will override this

api/src/Header/ContentSecurityPolicy.php

@@ -80,6 +80,9 @@ class ContentSecurityPolicy
 			}
 			self::$sources[$source] = [];
 		}
+		// Shoelace needs connect-src: data:
+		if ($source === 'connect-src') /** @noinspection UnsupportedStringOffsetOperationsInspection */ $attrs[] = 'data:';
+
 		foreach((array)$attrs as $attr)
 		{
 			if (in_array($attr, array('none', 'self', 'unsafe-eval', 'unsafe-inline')))