Hi,
Did anyone try to implement a Content Security Policy (CSP) https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP without allowing unsafe-inline https://content-security-policy.com/unsafe-inline/ scripts for a single page (jQuery AJAX) Seaside application? I made a few things working with nonce https://content-security-policy.com/nonce/, using a custom subclass of JQScriptGenerator and some other tweaks, but was wondering what other people are doing.
Cheers,
Adriaan.
seaside@lists.squeakfoundation.org