Content Security Policy restrictions workaround #1263
Maybe this issue can be fixed by changing some functions.
// Check for css support
Cross Post From StackOverflow.
I am attempting to use the new Content Security Policy (CSP) HTTP headers on a test site. When I use CSP in conjunction with Modernizr I get CSP violation errors. This is the CSP policy I am using:
These are the errors from the Chrome browser console:
This workaround was first put forward in March, is there no more progress in getting this issue resolved. There is a comment in the StackOverflow question in which someone suggests taking a look at AngularJS as they have full support for CSP.
I know that I can include the unsafe-inline directive which can get around this error but this also enables unsafe code to run and negates the use of CSP in the first place. Does anyone have any solutions.
Is there a fix for this that doesn't involve 'unsafe-eval' or 'unsafe-inline'? I just downloaded the latest from NuGet, v. 2.8.3 but still received the following errors: