fix: csp script-src-elem remove unsafe inline #29
Labels
bug
Something isn't working
help wanted
Extra attention is needed
question
Further information is requested
Unsafe inline option was added to script-src-elem in Content Security Policy, because htmx.min.js was breaking with only 'self' in that header attribute.
Htmx was breaking only with showing plotly, but otherwise working fine.
This is a fix of the feature added in #28
https://observatory.mozilla.org/analyze/finnish.shuttleapp.rs
https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
The text was updated successfully, but these errors were encountered: