putyourlightson/craft-snaptcha

Stop using inline scripts.

Closed this issue · 1 comments

Bug Report

Not exactly a bug per se, but the inline scripts in Snaptcha are the only reason that unsafe-inline is required in my CSP. Given that you have another plugin, Sherlock, which doesn't include unsafe-inline in its default settings, it would be nice if Snaptcha didn't use inline scripts.

Plugin Version

5.0.0

Craft CMS Version

5.3.0.3

PHP Version

No response

The inline script is an integral part of how Snaptcha protects your forms, so definitely not a bug. I would be open to using inline scripts using a nonce, which would make the mechanism more secure. If that is desirable, please open a new issue.
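
The nonce approach mentioned in the reply above, as an added example that is not part of the original thread and is not Snaptcha's or Craft's code: it generates a per-response nonce, builds a `script-src` policy without `unsafe-inline`, and models the browser's decision for an inline script. The function names are hypothetical, and the check is a simplified model that ignores hash matching and `'strict-dynamic'`.

```javascript
const { randomBytes } = require("node:crypto");

// Fresh, unguessable nonce for each HTTP response; never reuse one across responses.
function newNonce() {
  return randomBytes(16).toString("base64");
}

// Policy allowing same-origin script files plus inline scripts that carry this nonce.
function buildPolicy(nonce) {
  return `default-src 'self'; script-src 'self' 'nonce-${nonce}'`;
}

// Source list that governs scripts: script-src if present, otherwise default-src.
function scriptSources(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, values); // first occurrence wins
  }
  return directives.get("script-src") ?? directives.get("default-src") ?? null;
}

// Simplified model of the browser's check for <script nonce="...">inline code</script>.
function inlineScriptAllowed(policy, scriptNonce) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no governing directive, nothing is restricted
  if (scriptNonce && sources.includes(`'nonce-${scriptNonce}'`)) return true;
  // 'unsafe-inline' is ignored once the list contains any nonce or hash source.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha(256|384|512))-/i.test(s));
  return !hasNonceOrHash && sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
}

// Constructed walk-through: only the script tagged with the response's nonce runs.
const nonce = newNonce();
const policy = buildPolicy(nonce);
console.log("Content-Security-Policy:", policy);
console.log("tagged inline script allowed:  ", inlineScriptAllowed(policy, nonce));
console.log("untagged inline script allowed:", inlineScriptAllowed(policy, null));
```
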