Stop using inline scripts.
Closed this issue · 1 comments
jdsdev commented
Bug Report
Not exactly a bug perse, but the inline scripts in Snaptcha are the only reason that unsafe-inline
is required in my CSP. Given that you have another plugin, Sherlock, which doesn't include unsafe-inline
in its default settings, it would be nice if Snaptcha didn't use inline scripts.
Plugin Version
5.0.0
Craft CMS Version
5.3.0.3
PHP Version
No response
bencroker commented
The inline script is an integral part of how Snaptcha protects your forms, so definitely not a bug. I would be open to using inline scripts using a nonce, which would make the mechanism more secure. If that is desirable, please open a new issue.