jwesselink

script-src:'unsafe-inline' is required in SCP header because of href="javascript:void(0)"

1

`script-src 'unsafe-inline'` is required in the Content-Security-Policy header because of `href="javascript:void(0)"` generated by Carbon. See for an example: https://github.com/IBM/carbon-components-angular/blob/master/src/ui-shell/header/header-menu.component.ts#L76 This resulted in a low priority issue in a security audit....