module-braintree-magento2 icon indicating copy to clipboard operation
module-braintree-magento2 copied to clipboard

Published 20 hours ago verified publisher icon genecommerce

Remove unsafe-inline as a host in CSP style-src policy

Open Dnd-Coch opened this issue 1 year ago • 0 comments

Remove "unsafe-inline" as a host in CSP whitelist config.

It does add a unsafe-inline string in the Content-Security-Policy HTTP header which is not valid.

The real unsafe-inline directive is already handled in the magento/module-csp/etc/config.xml file:

<styles>
    <policy_id>style-src</policy_id>
    <self>1</self>
    <inline>1</inline>
    <eval>0</eval>
    <dynamic>0</dynamic>
</styles>

Dnd-Coch avatar Mar 01 '24 12:03 Dnd-Coch