Adding Content Security Policy to Chevereto. (NGINX)

noodlesjtb12 · Dec 23, 2020

Hi all, I've been trying to add a Content Security Policy to my website for quite some time now, and I can, but is there a way to get the CSP to work without using 'unsafe-inline' inside script-src? There was another post about CSP, and I think someone said it won't be added as CSP is deprecated, but it's not. (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)

Could anyone provide some insight on the params I'd need to specify in my CSP to achieve this? Or is it just not possible?

Regards.

Rodolfo · Jan 17, 2021

Is easy as add the meta in the theme file, here the reference. If more are interested in this I could add it to the software

.

noodlesjtb12 · Jan 18, 2021

Rodolfo said:
Is easy as add the meta in the theme file, here the reference. If more are interested in this I could add it to the software .

Thanks for getting back to me.

That's what I tried, but unfortunately, the same thing occurred a lot of scripts and styles are blocked because they are inline executed.

Adding Content Security Policy to Chevereto. (NGINX)

noodlesjtb12

Chevereto Member

Rodolfo

⭐ Chevereto Godlike

noodlesjtb12

Chevereto Member