[Seaside] Content Security Policy (CSP) without unsafe-inline scripts?
Adriaan van Os
a3aan at xs4all.nl
Tue Jul 12 19:12:34 UTC 2022
Hi,
Did anyone try to implement a Content Security Policy (CSP) <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP> without allowing unsafe-inline <https://content-security-policy.com/unsafe-inline/> scripts for a single page (jQuery AJAX) Seaside application? I made a few things working with nonce <https://content-security-policy.com/nonce/>, using a custom subclass of JQScriptGenerator and some other tweaks, but was wondering what other people are doing.
Cheers,
Adriaan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/seaside/attachments/20220712/dcdc39de/attachment.html>
More information about the seaside
mailing list