unfortunately thats too much work with too little benefit. CSP is very useful technology
especially when you load remote content from CDN, but in InfCloud the attack surface is
script will never loaded, and there is no other way to even try to perform an attack ...
So maybe in future ...
On 26 Jul 2021, at 10:16 AM, Ploc
When enabling Content Security Policy on the webserver that serves InfCloud,
unsafe-inline has to be enabled as InfCloud is including some js and some css in the
Do you think it could be possible to remove this requirement, hence making InfCloud mose
secure and reliable?
unsafe-inline and unsafe-eval are obviously a bad habits and they could be easily avoided
by moving css and js code un css and js files.
More informations on demande if you need some.