From dac44e1b124023d46cefc5c59990da56fa982ae6 Mon Sep 17 00:00:00 2001
From: mifi <badmf@mifi.dev>
Date: Thu, 12 Mar 2026 19:54:15 -0300
Subject: [PATCH] Update Trusted Type loading

---
 static/assets/js/cookie-consent.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/static/assets/js/cookie-consent.js b/static/assets/js/cookie-consent.js
index 9980daf..f8e6d26 100644
--- a/static/assets/js/cookie-consent.js
+++ b/static/assets/js/cookie-consent.js
@@ -12,6 +12,8 @@
     var hasLoadedThirdParty = false;
 
     // Trusted Types support (for CSP `require-trusted-types-for 'script'`)
+    // Clarity's tag script looks up window.trustedTypePolicies[policyName] to load its inner script;
+    // we must expose the policy there for Safari (and other browsers) to avoid TT violations.
     var ttPolicy = null;
     try {
         if (
@@ -23,6 +25,14 @@
                     return url;
                 },
             });
+
+            if (ttPolicy && !window.trustedTypePolicies) {
+                window.trustedTypePolicies = {};
+            }
+
+            if (ttPolicy) {
+                window.trustedTypePolicies['mifi-ventures-policy'] = ttPolicy;
+            }
         }
     } catch (_) {
         ttPolicy = null;