Use of inline scripts is incompatible with strict Content Security Policy
Opened this issue · 0 comments
MarkusPettersson98 commented
If a webserver is configured with a Content Security Policy (CSP) directive to block inline scripts, serving this website will issue a warning in the browser console: Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”)
.
The bad way of fixing this is to update the CSP to add script-src 'self' 'unsafe-inline';
. The better way of fixing this issue is to get rid of all inline scripts to properly server the website with a strict CSP.