CSP unsafe-inline directive blocks pdf viewer

[andreasgou]

Bug Report or Feature Request (mark with an x)

- [ ] Regression (a behavior that used to work and stopped working in a new release)
- [x] Bug report -> please search issues before submitting
- [ ] Feature request
- [ ] Documentation issue or request

It seems the script-src 'self' 'unsafe-inline' is mandatory for the pdf viewer to work.

Unfortunately (or not), the security policies enforced by the client does not permit the 'unsafe-inline' directive.

Is there any way to overcome this issue?

THanks!